My connection to the database in "Adding.java" is okay. It can add a record into a table of the database.
But I have a problem with the connection to the database in the "Search.java" file.
I created many text fields and a button. The top text field requires the user to key in the "id", then press the "search" button.
-------------
String find_query="SELECT * FROM Add WHERE Product_ID =" +selectFind.getText();
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver"); //load database driver class
Connection cn= DriverManager.getConnection("jdbc:odbc:CineHome");
Statement s= cn.createStatement();
ResultSet rs=null;
rs=s.getResultSet();
rs.next();
// set data to String because it is currency in database
String a=String.valueOf(rs.getFloat(2));
// here i display data in some other textfield
textfield1.setText(rs.getString(1));
textfield2.setText(a);
}
---------------------------------
In the whole code, I have try and catch blocks. The problem is that the error message said: too few parameters Expected: 1
Can anyone help?
Diploma in Computer Studies
Formula 1 app by Maxis (Playbook)
String find_query="SELECT * FROM Add WHERE Product_ID =" +selectFind.getText();
This is likely to be your problem, and possibly a dangerous one at that. The simple answer is that you need to surround the string with single quotes:
String find_query="SELECT * FROM Add WHERE Product_ID = '" +selectFind.getText() + "'";
BUT this may allow users to corrupt your database by sending malicious code. If the text entered is name';delete from Add where product_id like '% then the executed code would be:
SELECT * FROM Add WHERE Product_ID = 'name'; delete from Add where product_id like '%';
... and I'm pretty sure this is not what you intend. I recommend PreparedStatements - it 'escapes' the String entered and makes it safer. It has other advantages, but this is the main point for you in this case:
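
The search from this thread rewritten with a PreparedStatement, as an added example that is not part of the original reply or the poster's code. The class name SearchExample, the method findProduct and the JDBC URL passed on the command line are assumptions; the table and column names are the ones from the question.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class SearchExample {

    // The SQL text is a constant; the user's input never becomes part of it.
    private static final String FIND_SQL = "SELECT * FROM Add WHERE Product_ID = ?";

    /** Returns {column 1, column 2} for the given id, or null when no row matches. */
    static String[] findProduct(Connection cn, String productId) throws SQLException {
        try (PreparedStatement ps = cn.prepareStatement(FIND_SQL)) {
            // Bound as a value: quotes or semicolons in the text are compared
            // against Product_ID literally and are not parsed as SQL.
            ps.setString(1, productId);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return null; // no match: the caller decides what to display
                }
                // Column 2 is the currency column from the question, read as float
                return new String[] { rs.getString(1), String.valueOf(rs.getFloat(2)) };
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        if (args.length != 2) {
            System.err.println("usage: SearchExample <jdbc-url> <product-id>");
            return;
        }
        // args[0]: JDBC URL (assumption; the question uses the ODBC DSN CineHome)
        // args[1]: the text the user typed into the search field
        try (Connection cn = DriverManager.getConnection(args[0])) {
            String[] row = findProduct(cn, args[1]);
            System.out.println(row == null ? "not found" : row[0] + " " + row[1]);
        }
    }
}
```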