Java -> MySQL query issue -
i trying create java query insert mysql keep getting errors. please see code below. ps connection db fine.
here query being called
public string newempinsert() { return newempinsert; } private string newempinsert = "insert empinfo" + "(firstname, lastname, ssn, address, salary, pin, emplevel, contactinfo) " + "values ("+firstname+", "+lastname+", "+ssn+", "+address+", "+salary+", "+pin+","+emplevel+", "+contactinfo+")"; here handler being called main
public void newempinsert() { // sql connection connection conn = null; try { conn = mysql_connection_test.getconnection(); // create statement statement statement = conn.createstatement(); statement.executequery(queries.newempinsert()); } catch (sqlexception e) { // todo auto-generated catch block //e.printstacktrace(); system.out.println("--------->>invalid query!!!!<<--------------"); system.out.println("your query has error, please try again!!"); } // close connection { try { conn.close(); system.out.println("database closed"); } catch (sqlexception e) { // todo auto-generated catch block e.printstacktrace(); } system.out.println("database closed"); } } every time run query getting invalid query catch. variables being set within class , everything.
your issue here cause build wrong sql statement. on code missing single quote on text field. approach build statement not good, easy failure special character ' or " , expose sql inject attach. try using prepare statement , bind parameters.
Comments
Post a Comment