Guys, I need help to solve this problem. What I am trying to do here is: suppose from an HTML page a user enters something into a textarea and presses submit. From my servlet I am then getting that user-submitted value this way:
Now when I want to run a SQL statement based on this user's input, I am facing a problem.
When I am writing the following SQL statement, everything is fine:
But when I want to use the user's input in the SQL statement like below, then I am facing the problem:
Don't build SQL strings like that. For one thing it's error-prone, as you can see from your own post (I will leave you to google those error codes to find out what you did wrong). For another thing it makes your system liable to SQL injection attacks (I will leave you to google that too, and I strongly advise you to do so.)
followed by code which sets the parameter values. I'm going to assume that your ID column is a String, in which case you would write:
I believe your ID column is a String because you got an error message; if the column were a String then you would have had to surround the value you were comparing the column to with quotes, and you didn't do that, which would cause an error message. But don't try to fix the code by surrounding the value with quotes, as that isn't a complete fix. First there's the SQL injection issue, and then there's the issue of what happens if the input value already contains a quote. (Hint: you get an error.) PreparedStatement takes care of all of that for you. Use it.
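The PreparedStatement approach from the reply above, as an added example that is not part of the original thread. The table `items`, its columns, the class name and the sample value are hypothetical, and `args[0]` is assumed to be a JDBC URL for a scratch database whose driver is on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class PreparedLookup {

    // Hypothetical table "items" with a String ID column, as the reply assumes.
    static final String QUERY = "SELECT name FROM items WHERE id = ?";

    // The '?' is a placeholder: the value is bound as data, so a quote
    // inside userInput can never become part of the SQL syntax.
    static String findName(Connection con, String userInput) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(QUERY)) {
            ps.setString(1, userInput); // parameter indexes start at 1
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("name") : null;
            }
        }
    }

    // The string-concatenated form, built for comparison only and never executed.
    static String concatenated(String userInput) {
        return "SELECT name FROM items WHERE id = '" + userInput + "'";
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: args[0] is a JDBC URL for a scratch database.
        try (Connection con = DriverManager.getConnection(args[0])) {
            try (Statement st = con.createStatement()) {
                st.executeUpdate(
                    "CREATE TABLE items (id VARCHAR(50) PRIMARY KEY, name VARCHAR(100))");
            }
            try (PreparedStatement ins =
                     con.prepareStatement("INSERT INTO items (id, name) VALUES (?, ?)")) {
                ins.setString(1, "O'Brien"); // constructed sample value containing a quote
                ins.setString(2, "sample row");
                ins.executeUpdate();
            }
            String input = "O'Brien"; // stands in for the value read from the servlet request
            System.out.println("Concatenated SQL (unbalanced quote): " + concatenated(input));
            System.out.println("PreparedStatement result: " + findName(con, input));
        }
    }
}
```

The concatenated string ends up with three single quotes, which is the error case the reply hints at; the bound parameter finds the row without any escaping by the caller.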
Guess what Paul, after reading such a wonderful reply of yours I thought I must do it your way......and.......I did it !!! Wonderful man...I learned a great thing just because of you. This is why a learned person is always different and unique from others. They know how to motivate people, they know how to talk to people in a way that they can easily understand. God bless you man.
Always be unique like the way you are. Best wishes