Java -> MySQL query issue -

- May 15, 2013

i trying create java query insert mysql keep getting errors. please see code below. ps connection db fine.

here query being called

public  string newempinsert() {     return newempinsert; }  private string newempinsert = "insert empinfo"     + "(firstname, lastname, ssn, address, salary, pin, emplevel, contactinfo) "     + "values ("+firstname+", "+lastname+", "+ssn+", "+address+", "+salary+",  "+pin+","+emplevel+", "+contactinfo+")";

here handler being called main

    public void newempinsert() {      // sql connection     connection conn = null;     try {         conn = mysql_connection_test.getconnection();         // create statement         statement statement = conn.createstatement();         statement.executequery(queries.newempinsert());      }      catch (sqlexception e) {         // todo auto-generated catch block         //e.printstacktrace();         system.out.println("--------->>invalid query!!!!<<--------------");         system.out.println("your query has error, please try again!!");     }      // close connection     {         try {             conn.close();             system.out.println("database closed");         }          catch (sqlexception e) {             // todo auto-generated catch block             e.printstacktrace();         }         system.out.println("database closed");     } }

every time run query getting invalid query catch. variables being set within class , everything.

your issue here cause build wrong sql statement. on code missing single quote on text field. approach build statement not good, easy failure special character ' or " , expose sql inject attach. try using prepare statement , bind parameters.

Search This Blog

GHI

Java -> MySQL query issue -

Comments

Post a Comment

Popular posts from this blog

java - Intellij Synchronizing output directories .. -

git - Initial Commit: "fatal: could not create leading directories of ..." -

android - Bug AutocompleteTextView width in dual pane Fragment UI -