
connection problem

 
Nicky Eng
Ranch Hand
Posts: 378
My connection to the database in "Adding.java" is okay; it can add a record into the database table.

But I have a problem with the connection to the database in the "Search.java" file.

I created many textfields and a button. The top textfield requires the user to key in the "id", then press the "search" button.
-------------
String find_query="SELECT * FROM Add WHERE Product_ID =" +selectFind.getText();
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver"); // load database driver class
Connection cn= DriverManager.getConnection("jdbc:odbc:CineHome");
Statement s= cn.createStatement();
ResultSet rs=null;

if(ae.getSource()==searchBtn)
{
    rs=s.executeQuery(find_query);

    rs=s.getResultSet();
    rs.next();
    // set data to String because it is currency in database
    String a=String.valueOf(rs.getFloat(2));
    // here i display data in some other textfield
    textfield1.setText(rs.getString(1));
    textfield2.setText(a);
}
---------------------------------
In the whole coding I have try and catch blocks. Well, the problem is that the error message says: too few parameters. Expected: 1

Can anyone help???
 
David O'Meara
Rancher
Posts: 13459
String find_query="SELECT * FROM Add WHERE Product_ID =" +selectFind.getText();

This is likely to be your problem, and possibly a dangerous one at that. The simple answer is that you need to surround the string with single quotes:

String find_query="SELECT * FROM Add WHERE Product_ID = '" +selectFind.getText() + "'";

BUT this may allow users to corrupt your database by sending malicious code. If the text entered is name';delete from Add where product_id like '% then the executed code would be:

SELECT * FROM Add WHERE Product_ID = 'name';
delete from Add where product_id like '%';

... and I'm pretty sure this is not what you intend. I recommend PreparedStatements - it 'escapes' the String entered and makes it safer. It has other advantages, but this is the main point for you in this case:

Dave
 
Nicky Eng
Ranch Hand
Posts: 378
Thanks for your info, pal.

But after I made the changes, it keeps giving different error messages: first it was the too few parameters error, then "data type mismatch", and then "invalid cursor state"...

Any full coding to prevent this error?
 
David O'Meara
Rancher
Posts: 13459
Your problems are likely caused by
* the rs.next() when no data is returned causing an invalid cursor state
* using getFloat to return a String, or is it a String? I can't tell

I won't be available to follow up, sorry. I hope this helps!

Dave
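Putting both of Dave's points together (the PreparedStatement from his first reply, and the rs.next() / column-type checks from his second), here is an added example of how the search could be written. It is not code from either poster. It assumes the caller already holds an open java.sql.Connection (for example from DriverManager.getConnection("jdbc:odbc:CineHome") as in the original code), that Product_ID is a text column (if it is actually numeric, bind it with setInt instead of setString, which is one way to get a "data type mismatch"), and it names the currency column "Price", which the thread never names.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/*
 * Added example, not code from the original posts.
 * Assumptions: table Add with a text column Product_ID and a numeric
 * currency column assumed here to be called Price; the caller supplies
 * an open Connection.
 */
public class ProductSearch {

    /** One matching row from the Add table. */
    public static final class Product {
        public final String id;
        public final float price;

        Product(String id, float price) {
            this.id = id;
            this.price = price;
        }
    }

    /**
     * Looks up one product by id with a parameterised query.
     * Returns null when no row matches, rather than calling rs.next()
     * blindly and then reading from a cursor positioned on no row
     * (the "invalid cursor state" error).
     */
    public static Product findProduct(Connection cn, String productId) throws SQLException {
        // The '?' placeholder is bound below. The driver sends the value
        // separately from the SQL text, so quotes or semicolons typed by the
        // user are treated as data, never as part of the statement.
        String sql = "SELECT Product_ID, Price FROM Add WHERE Product_ID = ?";
        try (PreparedStatement ps = cn.prepareStatement(sql)) {
            // Exactly one parameter is declared and exactly one is bound,
            // so the "too few parameters" error cannot occur.
            ps.setString(1, productId);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return null; // no match: leave the cursor alone
                }
                // Read each column with the getter that matches its type:
                // text via getString, the currency column via getFloat.
                String id = rs.getString(1);
                float price = rs.getFloat(2);
                return new Product(id, price);
            }
        }
    }
}
```

In the button handler this replaces the string-built query: call findProduct(cn, selectFind.getText().trim()) when ae.getSource()==searchBtn, and if the result is null show a "not found" message in the textfields instead of reading columns; otherwise set textfield1 to p.id and textfield2 to String.valueOf(p.price). Opening the Connection once when the frame is created, rather than inside the handler, avoids re-loading the driver on every click.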
 
Nicky Eng
Ranch Hand
Posts: 378
Thanks again.

I will look again for it in the API there.
 