JDBC Insert Statement

• • Reply

  17 years ago

  by skeeterbug

  Jason Best

  Michigan, USA, United States

  Joined 18 years ago

  I have this insert statement in my .jsp page. Sorry its kinda long but does anyone know whats wrong with it? Its giving me errors.
  

  
  

  Code:

  
  stmt.executeUpdate("INSERT INTO users (id,first,last,username,status,password,ext,fax,cell,pager,email,didPhone,isDivisionHead,
  role,comp,division) VALUES(," + first + "," + last + "," + username + ",0," + password +"," + extension + "," + fax
  + "," + cell + "," + pager + "," + email + "," + directDial + "," + isHead + "," + role + ",0," + division + ")");
  

  
  

  
  Thankyou in advance.

  Report abuse
• • Reply

  17 years ago

  by James Crowley

  James Crowley

  London, United Kingdom

  Joined 20 years ago

  VALUES(,"
  

  
  is the problem - it should be VALUES("
  

  
  However, for security you should probably also be putting quotes around the strings within the SQL string, and checking for any quotes within the variables if they're from a posted form to prevent any sql injection attacks.

  Report abuse
• • Reply

  17 years ago

  by skeeterbug

  Jason Best

  Michigan, USA, United States

  Joined 18 years ago

  I did that already, that comma is there becuase the first field is auto increment. I think I figured it out thanks though.

  Report abuse
• • Reply

  17 years ago

  by -=D=-

  Yew Chin Sing

  Kedah, Malaysia, Malaysia

  Joined 18 years ago

  u have some misstake
  

  
  ("INSERT.......") VALUES(","......);
  

  
  hope this help u
  

  
  the full code will be as below
  

  Code:

  
  stmt.executeUpdate("INSERT INTO users (id,first,last,username,status,password,ext,fax,cell,pager,email,didPhone,isDivisionHead,
  role,comp,division") VALUES("," + first + "," + last + "," + username + ",0," + password +"," + extension + "," + fax
  + "," + cell + "," + pager + "," + email + "," + directDial + "," + isHead + "," + role + ",0," + division ")");
  

  Report abuse