connection problem

 
Ranch Hand
Posts: 378
My connection to the database in "Adding.java" is okay. It can add a record into the table of the database.

But I have a problem with the connection to the database in the "Search.java" file.

I created many textfields and a button. The top textfield requires the user to key in the "id", then press the "search" button.
-------------
String find_query="SELECT * FROM Add WHERE Product_ID =" +selectFind.getText();
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver"); //load database driver class
Connection cn= DriverManager.getConnection("jdbc:odbc:CineHome");
Statement s= cn.createStatement();
ResultSet rs=null;

if(ae.getSource()==searchBtn)
{
rs=s.executeQuery(find_query);

rs=s.getResultSet();
rs.next();
// set data to String because it is currency in database
String a=String.valueOf(rs.getFloat(2));
// here i display data in some other textfield
textfield1.setText(rs.getString(1));
textfield2.setText(a);

}
---------------------------------
In the whole code, I have try and catch blocks. The problem is that the error message says: too few parameters Expected: 1

Could anyone help???
 
Rancher
Posts: 13459
String find_query="SELECT * FROM Add WHERE Product_ID =" +selectFind.getText();

This is likely to be your problem, and possibly a dangerous one at that. The simple answer is that you need to surround the string with single quotes:

String find_query="SELECT * FROM Add WHERE Product_ID = '" +selectFind.getText() + "'";

BUT this may allow users to corrupt your database by sending malicious code. If the text entered is name';delete from Add where product_id like '% then the executed code would be:

SELECT * FROM Add WHERE Product_ID = 'name';
delete from Add where product_id like '%';

... and I'm pretty sure this is not what you intend. I recommend PreparedStatements - it 'escapes' the String entered and makes it safer. It has other advantages, but this is the main point for you in this case:



Dave
 
Nicky Eng
Ranch Hand
Posts: 378
Thanks for your info, pal.

But after I made the changes, it keeps giving different error messages: first it was the too few parameters error, then "data type mismatch", and then "invalid cursor state"...

Is there any full code to prevent this error?
 
David O'Meara
Rancher
Posts: 13459


Your problems are likely caused by
* the rs.next() when no data is returned, causing an invalid cursor state
* using getFloat to return a String, or is it a String? I can't tell

I won't be available to follow up, sorry. I hope this helps!

Dave
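
The two replies above combined into one lookup, as an added example that is not part of the original thread: a PreparedStatement binds the ID as a parameter, and the result of rs.next() is checked before any column is read. The names ProductSearch, findProduct and Product are hypothetical, the JDBC URL comes from the command line with a matching driver assumed on the classpath, and records need Java 16 or later.

```java
import java.math.BigDecimal;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;

public class ProductSearch {

    // Columns 1 and 2 as read in the original post: the ID and a currency value.
    record Product(String id, BigDecimal price) {}

    static Optional<Product> findProduct(Connection cn, String productId) throws SQLException {
        // The SQL text is fixed; user input never becomes part of it.
        String sql = "SELECT * FROM Add WHERE Product_ID = ?";
        try (PreparedStatement ps = cn.prepareStatement(sql)) {
            // Assumption: Product_ID is a text column. For a numeric column,
            // validate with Integer.parseInt(productId) and call ps.setInt(1, ...).
            ps.setString(1, productId);
            try (ResultSet rs = ps.executeQuery()) {
                // next() returns false when nothing matched; the reply above names
                // reading a row that is not there as the likely "invalid cursor state".
                if (!rs.next()) {
                    return Optional.empty();
                }
                return Optional.of(new Product(rs.getString(1), rs.getBigDecimal(2)));
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        if (args.length != 2) {
            System.err.println("usage: java ProductSearch <jdbc-url> <product-id>");
            return;
        }
        try (Connection cn = DriverManager.getConnection(args[0])) {
            // Input such as  name';delete from Add where product_id like '%
            // is bound as one literal value, so it simply matches no row.
            String out = findProduct(cn, args[1])
                    .map(p -> p.id() + " costs " + p.price())
                    .orElse("No product with that ID");
            System.out.println(out);
        }
    }
}
```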
 
Nicky Eng
Ranch Hand
Posts: 378
Thanks again.

I will look for it again in the API.
 