Error in output

Dhivya rajagopal
Ranch Hand

Joined: Dec 15, 2010
Posts: 42
Hi, I have created 1 login form
data source name-loginform
table name - loginforms
The table contains 2 fields - name and password. I have created 3 forms. The first form's name is "Login". In this form, I have placed 2 labels for user name and password, 1 text field, 1 password field, and 4 buttons for submit, clear, exit, login. After entering the values, if I click the submit button then the values entered will be stored in the database. If I click the login button, it displays another form, namely "LoginPage".
In this form, I have placed 2 labels for user name and password, 1 text field, 1 password field, and 2 buttons for submit and update. After entering the values, if I click the submit button, it matches both username and password; if both match, it will show another form, namely "WelcomePage". Otherwise it will display "invalid username and password".
If I click the update button, the text entered in the password field should be updated instead of the old password.
I entered the following code to update the values, but it shows an error.

It shows the following error
Exception:java.sql.SQLException: [Microsoft][ODBC SQL Server Driver][SQL Server]The name 'password' is not permitted in this context. Only constants, expressions, or variables allowed here. Column names are not permitted.

Can you please tell me how to resolve the error?
Matthew Brown
Bartender

Joined: Apr 06, 2010
Posts: 4370
    
    8

Hi,

OK, first of all, that's not the syntax for a SQL INSERT statement - you need to recheck what it ought to look like.

Secondly, even once you've fixed it, that's an injection attack waiting to happen. What happens if someone enters a string with a single quote in it, for instance? Your SQL statement will break (possibly with serious consequences). You should never create a SQL statement by sticking strings together like that. Instead, use a PreparedStatement with bind variables. See http://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html for an example of how to do it.
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19674
    
  18

What do you need to do? Insert a new record, or update an existing? You should use the following syntax for those (for use in PreparedStatement as Matthew suggested):


SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6