import java.awt.*;
import javax.swing.*;
import java.awt.event.*;
import java.sql.*;

public class Bookmenow implements ActionListener
{
    JButton btn;
    private Connection conn = null;
    JTextField txtname;
    List l = new List (20, false);   // java.awt.List (java.util is not imported); unused in this class

    Bookmenow ()
    {
        JFrame jf = new JFrame ();
        //jf.setSize (250, 250);
        // jf.setLocation (350, 200);
        jf.setBounds (400, 100, 350, 200);
        jf.setTitle ("Bookin Process...");
        jf.setResizable (false);
        jf.setDefaultCloseOperation (JFrame.EXIT_ON_CLOSE);
        Font f = new Font ("Comic Sans MS", Font.ITALIC + Font.BOLD, 12);

        JLabel lbl1 = new JLabel ("Name and Surname");
        lbl1.setBounds (30, 80, 50, 20);
        lbl1.setFont (f);

        txtname = new JTextField ();
        txtname.setBounds (100, 80, 120, 20);
        txtname.setFont (f);

        btn = new JButton ("Submit");
        btn.setBounds (100, 120, 120, 20);
        btn.addActionListener (this);

        connect();

        Container c = jf.getContentPane ();
        c.setLayout (null);   // absolute positioning via setBounds above
        c.setBackground (Color.yellow);
        c.add (lbl1);
        c.add (txtname);
        c.add (btn);
        jf.setVisible (true);
    }

    // Loads the JDBC-ODBC bridge and opens the Access database "Book-data".
    public void connect ()
    {
        try
        {
            Class.forName ("sun.jdbc.odbc.JdbcOdbcDriver");
            JOptionPane.showMessageDialog (null, "Successfully Loaded Database Driver", "Success", JOptionPane.PLAIN_MESSAGE);
        }
        catch (ClassNotFoundException c)
        {
            JOptionPane.showMessageDialog (null, "Cannot Load Database Driver", "Error", JOptionPane.ERROR_MESSAGE);
        }
        try
        {
            conn = DriverManager.getConnection ("jdbc:odbc:Driver={Microsoft Access Driver (*.mdb)}; DBQ=Book-data");
            JOptionPane.showMessageDialog (null, "Successfully Loaded The Database ", "Success", JOptionPane.PLAIN_MESSAGE);
        }
        catch (Exception e)
        {
            JOptionPane.showMessageDialog (null, "Cannot Load The Database", "Error", JOptionPane.ERROR_MESSAGE);
        }
    }

    // Inserts the typed name into table Booked. This is the statement the thread is about:
    // the name is concatenated straight into the SQL text, and the VALUES list has no
    // parentheses around it, which Access reports as a syntax error in the INSERT INTO statement.
    public void Bok(String txtname)
    {
        try
        {
            Statement stmt = conn.createStatement();
            String query = "INSERT INTO Booked VALUES '" +txtname + "'";
            stmt.executeUpdate (query);
        }
        catch (Exception e)
        {
            System.out.println(e);
        }
    }

    public void actionPerformed (ActionEvent event)
    {
        if (event.getSource () == btn)
        {
            Bok(txtname.getText());
        }
    }

    public static void main (String[] args)
    {
        Bookmenow s = new Bookmenow ();
    }
}
4 Replies - 609 Views - Last Post: 30 August 2008 - 10:23 PM
#1
Cant find the error
Posted 28 August 2008 - 09:57 AM
It gives me an "Insert into statement" error.
Replies To: Cant find the error
#2
Re: Cant find the error
Posted 28 August 2008 - 11:58 AM
Haven't compiled your code or anything, but it looks like your query is wrong in regards to your use of ' and ". I can see 3 " which I presume 1 of them isn't closing anything off.
#3
Re: Cant find the error
Posted 28 August 2008 - 03:29 PM
SQL statements should be terminated by a ;
String query = "INSERT INTO Booked VALUES '" +txtname + "';";
#4
Re: Cant find the error
Posted 29 August 2008 - 01:47 AM
PLEEEEEEEEEAAASE!
I know it is for correcting the user's error, but please, please, please have some bad feeling to post anything like String query = "INSERT INTO Booked VALUES '" +txtname + "';";
It is really bad practice to insert any parameter into an SQL statement like this (see SQL injection).
Use a PreparedStatement that will escape your parameters - and it will also save you the headache with the quotes.
Concatenating parameters as Strings into SQL statements is like standing on top of a hill in a lightning storm in an armor shouting all gods can kiss your *ss.
#5
Re: Cant find the error
Posted 30 August 2008 - 10:23 PM
1lacca, on 29 Aug, 2008 - 01:47 AM, said:
PLEEEEEEEEEAAASE!
I know it is for correcting the user's error, but please, please, please have some bad feeling to post anything like String query = "INSERT INTO Booked VALUES '" +txtname + "';";
It is really bad practice to insert any parameter into an SQL statement like this (see SQL injection).
Use a PreparedStatement that will escape your parameters - and it will also save you the headache with the quotes.
Concatenating parameters as Strings into SQL statements is like standing on top of a hill in a lightning storm in an armor shouting all gods can kiss your *ss.
1lacca is right, not going to the point of the lightning storm maybe, but PreparedStatement adds the last ";" if you forgot to put it on.
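As an added example that is not code from the thread or from its posters, here is the OP's Bok() method rewritten the way replies #4 and #5 recommend, with a PreparedStatement. It assumes the table Booked has a single text column (so "INSERT INTO Booked VALUES (?)" is valid, mirroring the OP's statement) and that a JDBC URL is passed on the command line, since the sun.jdbc.odbc bridge used in the original was removed in JDK 8. The sample name "O'Brien" is constructed input: a perfectly ordinary surname whose apostrophe breaks the concatenated version.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

/*
 * Added example (not the thread's own code): Bok() with a PreparedStatement.
 * Assumptions: table Booked has one text column; a JDBC URL is given as args[0].
 */
public class BookmenowPrepared {

    // The original query shape with the missing parentheses added. Kept only to
    // show why concatenation fails on ordinary input: an apostrophe in the name
    // closes the string literal early, so the database sees SQL syntax, not data.
    static String concatenatedQuery(String name) {
        return "INSERT INTO Booked VALUES ('" + name + "')";
    }

    // Safe version: the SQL text is fixed and the name travels to the driver as a
    // bound parameter, so no quoting is done by hand and no trailing ";" is needed.
    static int bookName(Connection conn, String name) throws SQLException {
        String sql = "INSERT INTO Booked VALUES (?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            return ps.executeUpdate();   // rows inserted, expected 1
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample input: a legitimate surname containing an apostrophe.
        String name = "O'Brien";

        // Offline part: the statement the concatenating version would have sent.
        // The quote inside the name leaves the literal unbalanced.
        System.out.println("Concatenated: " + concatenatedQuery(name));
        System.out.println("Prepared    : INSERT INTO Booked VALUES (?)  with parameter 1 = " + name);

        // Database part, only when a JDBC URL is supplied:
        //   java BookmenowPrepared <jdbc-url>
        if (args.length > 0) {
            try (Connection conn = DriverManager.getConnection(args[0])) {
                int rows = bookName(conn, name);
                System.out.println("Rows inserted: " + rows);
            }
        }
    }
}
```

Run without arguments to see the two statements side by side; the concatenated one contains `('O'Brien')`, which is the same class of failure as the OP's missing parentheses, only triggered by data instead of by a typo. With a URL, the prepared statement inserts the name unchanged, and because the SQL text never varies, what the user types can only ever be stored as a value.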