connection problem

Nicky Eng
Ranch Hand

Joined: Mar 26, 2005
Posts: 378
My connection to the database in "Adding.java" is okay. It can add a record into a table of the database.

But I have a problem with the connection to the database in the "Search.java" file.

I created many textfields and a button. The top textfield requires the user to key in the "id", then enter the "search" button.
-------------
String find_query="SELECT * FROM Add WHERE Product_ID =" +selectFind.getText();
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver"); //load database driver class
Connection cn= DriverManager.getConnection("jdbc:odbc:CineHome");
Statement s= cn.createStatement();
ResultSet rs=null;

if(ae.getSource()==searchBtn)
{
    rs=s.executeQuery(find_query);

    rs=s.getResultSet();
    rs.next();
    // set data to String because it is currency in database
    String a=String.valueOf(rs.getFloat(2));
    // here i display data in some other textfield
    textfield1.setText(rs.getString(1));
    textfield2.setText(a);

}
---------------------------------
In the whole coding, I have try and catch blocks. Well, the problem is that the error message said: too few parameters Expected: 1

Could anyone help???


From NickyEng
Diploma in Computer Studies
SCJP 1.4
SCWCD 1.4
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

String find_query="SELECT * FROM Add WHERE Product_ID =" +selectFind.getText();

This is likely to be your problem, and possibly a dangerous one at that. The simple answer is that you need to surround the string with single quotes:

String find_query="SELECT * FROM Add WHERE Product_ID = '" +selectFind.getText() + "'";

BUT this may allow users to corrupt your database by sending malicious code. If the text entered is name';delete from Add where product_id like '% then the executed code would be:

SELECT * FROM Add WHERE Product_ID = 'name';
delete from Add where product_id like '%';

... and I'm pretty sure this is not what you intend. I recommend PreparedStatements - it 'escapes' the String entered and makes it safer. It has other advantages, but this is the main point for you in this case:



Dave
Nicky Eng
Ranch Hand

Joined: Mar 26, 2005
Posts: 378
Thanks for your info, pal.

But after I made changes, it keeps giving different error messages: first it was the too few parameters error, then "data type mismatch", and then "invalid cursor state"...

Any full coding to prevent this error?
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459



Your problems are likely caused by
* the rs.next() when no data is returned causing an invalid cursor state
* using getFloat to return a String, or is it a String? I can't tell

I won't be available to follow up, sorry. I hope this helps!

Dave
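
The PreparedStatement approach recommended in the replies above, combined with the rs.next() check from the second reply, as an added example that is not code from the original posts. The ProductSearch class, Product record and find method are hypothetical names; it assumes Product_ID is a text column and that column 2 holds the currency value, as in the question.

```java
import java.math.BigDecimal;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;

public class ProductSearch {

    /** One row of the thread's Add table: column 1 as text, column 2 as a currency amount. */
    public record Product(String id, BigDecimal price) {}

    // The SQL text is a constant. User input is bound to the "?" marker and is
    // never concatenated into the statement, so input such as
    //   name';delete from Add where product_id like '%
    // is compared as a literal value instead of being run as a second statement.
    private static final String FIND_QUERY = "SELECT * FROM Add WHERE Product_ID = ?";

    /**
     * Looks up one product on an open connection supplied by the caller.
     * Assumption: Product_ID is a text column. If it is numeric, parse the
     * input with Integer.parseInt and bind it with setInt instead.
     */
    public static Optional<Product> find(Connection cn, String userInput) throws SQLException {
        try (PreparedStatement ps = cn.prepareStatement(FIND_QUERY)) {
            ps.setString(1, userInput.trim());
            try (ResultSet rs = ps.executeQuery()) {
                // next() returns false when nothing matched; reading a column
                // without checking it is what raises "invalid cursor state".
                if (!rs.next()) {
                    return Optional.empty();
                }
                // getBigDecimal keeps a currency value exact, unlike getFloat.
                return Optional.of(new Product(rs.getString(1), rs.getBigDecimal(2)));
            }
        }
    }
}
```

In the button handler from the question, the call would be find(cn, selectFind.getText()), with the text fields filled in only when the returned Optional is present.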
Nicky Eng
Ranch Hand

Joined: Mar 26, 2005
Posts: 378
Thanks again.

I will look again for it in the API there.