
Strange SQL statements being inserted into database

 
mithesh raj
Greenhorn
Posts: 10

I have a problem with my Java application. The application is based on users who have to enter their username (their email address) so as to fill in an input form. The functionality of the input form is that the user has to enter four book names in order of priority. In the application, suppose a user's email address is "david.ferno@gmail.com"; he will have to input only "david.ferno" in the JTextBox, and a SQL LIKE statement is used to check the corresponding User ID from the "bookuser" table and store it into the "priority" table along with the book priority choices.

I have used PreparedStatement for the SQL retrieval from the database, but when values are being inserted into the table, instead of saving a User ID like "user88", it is saving the SQL statement itself inside the database. What I mean to say is, in the "priority" table, instead of saving user88 (as an example), it is saving "SELECT User_ID FROM user WHERE email_address".

Here is my code:

 
Jelle Klap
Bartender
Posts: 1951
If the idea is to make the SELECT query a subquery in the INSERT query, that's not going to work this way. What you'd need to do is create a PreparedStatement for the entire insert SQL String, which must include the select subquery, and instead of concatenating user input directly into that query String, use parameters like you do in the current select query String (the ? notation).
 
chris webster
Bartender
Posts: 2407
In your "sql" string, you are inserting the value of your original "SELECT" statement (squery) into the first column of the table called "priority". As Jelle says, you need to write your SQL properly - and test it in your database's SQL shell before you throw it into a Java program, so you can be sure your SQL works.
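The following is an added example, not code from either reply or from the original poster, showing what Jelle and chris describe: a single PreparedStatement for the whole INSERT whose SELECT is a genuine subquery, with the email fragment and the four book names bound as `?` parameters instead of concatenated. The table and column names `bookuser`, `priority`, `User_ID` and `email_address` come from the thread; the columns `book1` to `book4`, the sample row, and the use of an in-memory H2 database (assumed to be on the classpath) are assumptions made for the demonstration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class PriorityInsertExample {

    // The mistake described in the thread: the text of the SELECT query is pasted in as a
    // value, so the literal string "SELECT User_ID FROM ..." lands in the User_ID column.
    // It is never run as a subquery because it sits inside a quoted string literal.
    static String buggyInsertSql(String squery, String book1) {
        return "INSERT INTO priority (User_ID, book1) VALUES ('" + squery + "', '" + book1 + "')";
    }

    // Escape the LIKE metacharacters so a user typing '%' or '_' cannot widen the match.
    // '!' is declared as the escape character in the query below.
    static String escapeLike(String s) {
        return s.replace("!", "!!").replace("%", "!%").replace("_", "!_");
    }

    // One PreparedStatement for the whole INSERT ... SELECT: the SELECT is a real subquery
    // and every user-supplied value is bound with '?' rather than concatenated.
    // Column names book1..book4 are assumed; the thread only says "book priority choices".
    static int insertPriority(Connection con, String emailLocalPart, String[] books) throws SQLException {
        String sql = "INSERT INTO priority (User_ID, book1, book2, book3, book4) "
                   + "SELECT User_ID, ?, ?, ?, ? FROM bookuser "
                   + "WHERE email_address LIKE ? ESCAPE '!'";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            for (int i = 0; i < 4; i++) {
                ps.setString(i + 1, books[i]);
            }
            // The '@%' wildcard is ours; the user's text is escaped so it is matched literally.
            ps.setString(5, escapeLike(emailLocalPart) + "@%");
            return ps.executeUpdate(); // rows inserted: 1 if the user exists, 0 if not
        }
    }

    // Demonstration against an in-memory H2 database (assumed driver on the classpath).
    public static void main(String[] args) throws SQLException {
        try (Connection con = DriverManager.getConnection("jdbc:h2:mem:demo");
             Statement st = con.createStatement()) {
            st.execute("CREATE TABLE bookuser (User_ID VARCHAR(20), email_address VARCHAR(100))");
            st.execute("CREATE TABLE priority (User_ID VARCHAR(20), book1 VARCHAR(100), "
                     + "book2 VARCHAR(100), book3 VARCHAR(100), book4 VARCHAR(100))");
            // Constructed sample row matching the thread's example user.
            st.execute("INSERT INTO bookuser VALUES ('user88', 'david.ferno@gmail.com')");

            String[] books = {"Book A", "Book B", "Book C", "Book D"};
            System.out.println("rows inserted for david.ferno: " + insertPriority(con, "david.ferno", books));

            // A bare '%' typed by the user is escaped, so it does not match every address.
            System.out.println("rows inserted for '%': " + insertPriority(con, "%", books));

            try (ResultSet rs = st.executeQuery("SELECT User_ID, book1 FROM priority")) {
                while (rs.next()) {
                    System.out.println(rs.getString(1) + " -> " + rs.getString(2));
                }
            }
        }
    }
}
```

As chris suggests, the `INSERT ... SELECT` text can be pasted into the database's SQL shell with literal values in place of the `?` markers to confirm it does what is intended before it goes into the Java program. `executeUpdate()` returning 0 is the signal that no user matched the email fragment, which the application should report to the user rather than silently treat as success.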
 