JDBC - How to insert a string value


For various reasons, it is better to use java.sql.PreparedStatement to execute statements with parameters, for example if you want to avoid SQL injection attacks.

See the examples in Using Prepared Statements from The Java Tutorials.

The advantage of using SQL statements that take parameters is that you can use the same statement and supply it with different values each time you execute it.

import java.sql.PreparedStatement;

// conn is an open java.sql.Connection
PreparedStatement pstmt = conn.prepareStatement(
   "UPDATE EMPLOYEES SET FIRST_NAME = ? WHERE ID = ?");

pstmt.setString(1, "user1080390"); // set parameter 1 (FIRST_NAME)
pstmt.setInt(2, 101);              // set parameter 2 (ID)

int rows = pstmt.executeUpdate();  // "rows" holds the number of affected rows
Author: user1080390

Updated on June 14, 2022
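The fix the answer describes, shown next to the concatenation from the question and exercising the apostrophe case raised in the comments, as an added example that is not from the original post or its author. It assumes the H2 database driver (org.h2.Driver) is on the classpath and uses an in-memory JDBC URL; the users table and the sample name are constructed for the demonstration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Added example, not code from the original post. Assumes the H2 driver
// (org.h2.Driver) is on the classpath; the URL below is an in-memory database.
public class InsertUserExample {

    // Constructed sample input: a name containing an apostrophe, the edge case
    // raised in the comments ("what if firstName contains quotes?").
    static final String FIRST_NAME = "O'Brien";

    // The approach from the question: the value is pasted into the SQL text.
    // An apostrophe in the value ends the string literal early, so the statement
    // is no longer well-formed, and whatever the user typed becomes part of the SQL.
    static String concatenated(String firstName) {
        return "INSERT INTO users (ID, firstName, address) VALUES ('124','" + firstName + "','123')";
    }

    // The approach from the answer: the SQL text is fixed and the value is bound
    // separately, so the driver sends it as data, never as SQL.
    static int insertWithPreparedStatement(Connection conn, int id, String firstName, String address)
            throws SQLException {
        String sql = "INSERT INTO users (ID, firstName, address) VALUES (?, ?, ?)";
        try (PreparedStatement pstmt = conn.prepareStatement(sql)) {
            pstmt.setInt(1, id);           // parameter 1 (ID)
            pstmt.setString(2, firstName); // parameter 2 (firstName); quotes need no escaping
            pstmt.setString(3, address);   // parameter 3 (address)
            return pstmt.executeUpdate();  // number of affected rows
        }
    }

    // Reads the stored name back, also through a bound parameter.
    static String readFirstName(Connection conn, int id) throws SQLException {
        try (PreparedStatement pstmt = conn.prepareStatement("SELECT firstName FROM users WHERE ID = ?")) {
            pstmt.setInt(1, id);
            try (ResultSet rs = pstmt.executeQuery()) {
                return rs.next() ? rs.getString(1) : null;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:demo");
             Statement stmt = conn.createStatement()) {
            stmt.execute("CREATE TABLE users (ID INT PRIMARY KEY, firstName VARCHAR(50), address VARCHAR(50))");

            // 1. String concatenation: the apostrophe breaks the statement.
            try {
                stmt.executeUpdate(concatenated(FIRST_NAME));
                System.out.println("concatenated insert unexpectedly succeeded");
            } catch (SQLException e) {
                System.out.println("concatenated insert failed: " + e.getMessage());
            }

            // 2. PreparedStatement: the same value is stored verbatim.
            int rows = insertWithPreparedStatement(conn, 124, FIRST_NAME, "123");
            System.out.println("rows affected: " + rows);
            System.out.println("stored value: " + readFirstName(conn, 124));
        }
    }
}
```

Compile and run with the H2 jar on the classpath (for example `javac InsertUserExample.java && java -cp .:h2.jar InsertUserExample`). The first insert fails with a syntax error from the apostrophe, while the prepared insert reports one affected row and reads back the name unchanged; the same binding is what stops user input from being interpreted as SQL.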

Comments

  • user1080390
    user1080390 almost 2 years

    When trying to insert the value of a string into my db using JDBC, instead of inserting the String's value it inserts the String's name.

    I have a string named firstName, the value of this string is given by user input.

    Here is my sql statement:

    String sql = "Insert INTO users (ID, firstName, address) VALUES ('124','+firstName()','123')";
    
  • user1080390
    user1080390 almost 12 years
    I'll be sure to read up on PreparedStatements in the coming weeks. Unfortunately, and I know this sounds bad, I haven't the time right at this moment; I have to meet a deadline for tomorrow. Is there any chance you could be more specific?
  • leonbloy
    leonbloy almost 12 years
    This is the dirty and dangerous way, error prone (what if firstName contains quotes?), and, above all, has the danger of SQL injection attacks. Never do this in real code.
  • user1080390
    user1080390 almost 12 years
    Provider.java:90: cannot find symbol
    symbol : method firstName()
    localtion: class Provider
    String sql = "Insert INTO users (ID, firstName, address) Values ('124','"+firstName()+"','123')";
    ^
  • Jonathan
    Jonathan almost 12 years
    The time you spend trying out dirty hacks could be spent reading up on PreparedStatements and using them. Paul's code snippet should be enough to get you going.
  • user1080390
    user1080390 almost 12 years
    I tried to modify the prepared insert statement from this thread: stackoverflow.com/questions/1073101/… But I received the error: Cannot find symbol preparedstatement ...
  • Paul Vargas
    Paul Vargas almost 12 years
    Be sure to properly import the necessary classes. Perhaps import java.sql.*; might suffice.