How do I make a prepared statement?

java jdbc prepared-statement
10,698

Solution 1

You need to substitute values with question marks ? as placeholders.

String sql = "INSERT INTO studenten (id, naam, adres, postcode, plaats, geboren)"
     + " VALUES (?, ?, ?, ?, ?, ?)";
Connection connection = null;
PreparedStatement statement = null;

try {
    connection = database.getConnection();
    statement = connection.prepareStatement(sql);
    statement.setLong(lastId + 1); // Why don't you use an generated sequence? This is plain ugly and errorprone.
    statement.setString(contact.getNaam());
    statement.setString(contact.getAdres());
    statement.setString(contact.getPostcode());
    statement.setString(contact.getPlaats());
    statement.setDate(new java.sql.Date(contact.getGeboren().getTime())); // Assuming it returns java.util.Date
    statement.executeUpdate();
} finally {
    // Always close in finally to prevent resource leaks.
    if (statement != null) try { statement.close(); } catch (SQLException ignore) {}
    if (connection != null) try { connection.close(); } catch (SQLException ignore) {}
}

See also:

Solution 2

Here is a better way to do it:

String sql = "INSERT INTO studenten (id, naam, adres, postcode, plaats, geboren)"
     + " VALUES (?, ?, ?, ?, ?, ?)"

try {
    connection = database.getConnection();
    statement = connection.prepareStatement(sql);
    statement.setLong(1,your_id_value);
    statement.setString(2,contact.getNaam());
    statement.setString(3,contact.getAdres());
    statement.setString(5,contact.getPlaats());  // order doesn't matter now you can give the index of the parameter
    statement.setString(4,contact.getPostcode());
    statement.setDate(6,getGeboren());
    statement.executeUpdate();

    // or System.out.println(statement.executeUpated())  to see how many row are effected by this query
    statement.close();
} catch(java.sql.Exception sql_exception ){
    //you can see what goes wrong here with your statement 
    e.printStackTrace();
}
Share:
10,698
Jay
Author by

Jay

Updated on July 28, 2022

Comments

  • Jay
    Jay almost 2 years

    How can I make an prepared statement of this one?

        Statement stmt = con.createStatement();

    long lastid = getLastId(stmt);

    // create a SQL query
    String strQuery = "INSERT INTO studenten " +
    " (id, naam, adres, postcode, plaats, geboren) " +
    " VALUES (" + (lastid+1) + "," +
        "'" + contact.getNaam() + "'," +
        "'" + contact.getAdres() + "'," +
        "'" + contact.getPostcode() + "'," +
        "'" + contact.getPlaats() + "'," +
      "{d '" + contact.getGeboren() + "'}" +
    ") ";

    stmt.executeUpdate(strQuery);      
    stmt.close();
    con.close();
    • Justin Niessner
      Justin Niessner over 13 years
      What database system are you using?
  • Jay
    Jay over 13 years
    thanks!the lastID thingy is just part of the source I needed to edit, not sure why they use

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Preventing SQL Injection in JDBC without using Prepared Statements
What to use: executeUpdate() or execute()?
com.microsoft.sqlserver.jdbc.SQLServerException: The value is not set for the parameter number 1
Inserting custom date and current time into Oracle database using string variables
Rollback batch execution when using jdbc with autocommit=true
Do I get a memory leak by not closing my JDBC PreparedStatements?
Creation of a prepared statement inside a loop
How does Java's PreparedStatement work?
How to use MySQL prepared statement caching?
Passing array parameter in prepare statement - getting "java.sql.SQLFeatureNotSupportedException"