| Author |
polling in jsp
|
kanan devi
Greenhorn
Joined: Oct 27, 2008
Posts: 9
|
|
plize tell me is it correct code
try
{
Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver");
Connection conn = DriverManager.getConnection("jdbc:microsoft:sqlserver://database:1433","sa","123");
Statement st2=conn.createStatement();
String sql1 = "INSERT INTO tab.dbo.poll (a) VALUES ('"+radioVal+"')";
Statement st1=conn.createStatement();
st1.executeUpdate(sql1);
st1.close();
conn.close();
}
catch(Exception ex)
{
out.println(ex.getMessage());
}
%>
thanks for your help
|
 |
Freddy Wong
Ranch Hand
Joined: Sep 11, 2006
Posts: 959
|
|
|
To me, that code seems like inserting a record into the database. By the way, instead of asking whether the code is right or wrong. Have you tried to run it and see it's correct?
|
SCJP 5.0, SCWCD 1.4, SCBCD 1.3, SCDJWS 1.4
My Blog
|
|
Jeanne Boyarsky
internet detective
Marshal
Joined: May 26, 2003
Posts: 26192
|
|
Kanan,
Two best practices:
1) Use a PreparedStatement (with a question mark) rather than string appending the option in. This presents SQL injection attacks where someone can execute arbitrary SQL code.
2) Keep SQL code out of a JSP. It really should be in a Java class (called from a servlet not a JSP.)
As for right and wrong, it depends what you want the code to do.
|
[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
|
|
 |
|
|
subject: polling in jsp
|
|
|
0
