query trouble

 
Anand Shrivastava
Ranch Hand
Posts: 125
Kindly see the following code:

pgres.otherquery("insert into public.author (authorname) values ('"+jComboBox3.getSelectedItem().toString().trim()+"'");
pgres.otherquery("insert into public.subject (subject) values ('" + jComboBox1.getSelectedItem().toString().trim()+"'");
aset = pgres.selectquery("select authid from public.author where authorname =" + jComboBox3.getSelectedItem());
sset = pgres.selectquery("select sid from public.subject where subject =" + jComboBox1.getSelectedIndex());
try {
pgres.otherquery("insert into public.author_subject values (" + aset.getInt("authorid")+", "+sset.getInt("sid") +")");
}
catch (Exception E) {System.out.println(E.getMessage());}

It gives the error message "syntax error at the end of input". Probably this is the error message returned by the database.
 
Ernest Friedman-Hill
author and iconoclast
Marshal
Posts: 24204
Don't do this -- use PreparedStatement. It will handle the quoting for you and whatever mistake you've made here, won't happen. Furthermore, it's far more secure -- code like this leaves you wide open for SQL injection attacks!

I'm moving this to our JDBC forum for any follow-up.
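
The five statements from the question, rewritten with PreparedStatement as the reply recommends. This is an added example, not code from either poster. It uses plain java.sql instead of the poster's pgres wrapper, whose API is not shown. Table and column names are taken from the question (authid as in its select); the class name, method names, JDBC URL argument and sample values are assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class AuthorSubjectLink {
    // Runs an INSERT with one text value bound as a parameter, not spliced into the SQL text.
    static void insertName(Connection con, String sql, String value) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, value);
            ps.executeUpdate();
        }
    }

    // Looks up an integer key by a bound text value; fails loudly if no row matches.
    static int lookupId(Connection con, String sql, String value) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, value);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) throw new SQLException("no matching row");
                return rs.getInt(1);
            }
        }
    }

    // Same sequence as the question: two inserts, two lookups, one link row.
    static void linkAuthorToSubject(Connection con, String author, String subject) throws SQLException {
        insertName(con, "insert into public.author (authorname) values (?)", author);
        insertName(con, "insert into public.subject (subject) values (?)", subject);
        int authId = lookupId(con, "select authid from public.author where authorname = ?", author);
        int sid = lookupId(con, "select sid from public.subject where subject = ?", subject);
        try (PreparedStatement ps = con.prepareStatement("insert into public.author_subject values (?, ?)")) {
            ps.setInt(1, authId);
            ps.setInt(2, sid);
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: args[0] is a JDBC URL for a database that already has these tables,
        // and a matching JDBC driver is on the classpath.
        try (Connection con = DriverManager.getConnection(args[0])) {
            // Constructed sample values; the apostrophe would have broken the concatenated SQL.
            linkAuthorToSubject(con, "Tim O'Reilly", "Databases");
        }
    }
}
```

Because every value reaches the database through setString or setInt, there are no quotes or parentheses to balance by hand, and text typed into the combo boxes cannot change the structure of the statement.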
 