How do I make a prepared statement?
10,698
Solution 1
You need to substitute values with question marks ?
as placeholders.
String sql = "INSERT INTO studenten (id, naam, adres, postcode, plaats, geboren)"
+ " VALUES (?, ?, ?, ?, ?, ?)";
Connection connection = null;
PreparedStatement statement = null;
try {
connection = database.getConnection();
statement = connection.prepareStatement(sql);
statement.setLong(lastId + 1); // Why don't you use an generated sequence? This is plain ugly and errorprone.
statement.setString(contact.getNaam());
statement.setString(contact.getAdres());
statement.setString(contact.getPostcode());
statement.setString(contact.getPlaats());
statement.setDate(new java.sql.Date(contact.getGeboren().getTime())); // Assuming it returns java.util.Date
statement.executeUpdate();
} finally {
// Always close in finally to prevent resource leaks.
if (statement != null) try { statement.close(); } catch (SQLException ignore) {}
if (connection != null) try { connection.close(); } catch (SQLException ignore) {}
}
See also:
Solution 2
Here is a better way to do it:
String sql = "INSERT INTO studenten (id, naam, adres, postcode, plaats, geboren)"
+ " VALUES (?, ?, ?, ?, ?, ?)"
try {
connection = database.getConnection();
statement = connection.prepareStatement(sql);
statement.setLong(1,your_id_value);
statement.setString(2,contact.getNaam());
statement.setString(3,contact.getAdres());
statement.setString(5,contact.getPlaats()); // order doesn't matter now you can give the index of the parameter
statement.setString(4,contact.getPostcode());
statement.setDate(6,getGeboren());
statement.executeUpdate();
// or System.out.println(statement.executeUpated()) to see how many row are effected by this query
statement.close();
} catch(java.sql.Exception sql_exception ){
//you can see what goes wrong here with your statement
e.printStackTrace();
}
Author by
Jay
Updated on July 28, 2022Comments
-
Jay almost 2 years
How can I make an prepared statement of this one?
Statement stmt = con.createStatement(); long lastid = getLastId(stmt); // create a SQL query String strQuery = "INSERT INTO studenten " + " (id, naam, adres, postcode, plaats, geboren) " + " VALUES (" + (lastid+1) + "," + "'" + contact.getNaam() + "'," + "'" + contact.getAdres() + "'," + "'" + contact.getPostcode() + "'," + "'" + contact.getPlaats() + "'," + "{d '" + contact.getGeboren() + "'}" + ") "; stmt.executeUpdate(strQuery); stmt.close(); con.close();
-
Justin Niessner over 13 yearsWhat database system are you using?
-
-
Jay over 13 yearsthanks!the lastID thingy is just part of the source I needed to edit, not sure why they use