PreparedStatement pstmt = conn
.prepareStatement("INSERT INTO discussion(section_id, weekday, room, mandatory, starttime,endtime) VALUES ( ?, ?, ?, ?, ?, ?)");
pstmt.setInt(1, Integer.parseInt(request.getParameter("SECTION_ID")));
pstmt.setString(2, request.getParameter("WEEKDAY"));
pstmt.setString(3, request.getParameter("ROOM"));
pstmt.setString(4, request.getParameter("MANDATORY"));
String TIME_FORMAT = "HH:mm";
SimpleDateFormat timeFormat = new SimpleDateFormat(TIME_FORMAT,
Locale.getDefault());
out.println("Items: " + request.getParameter("starttime"));
out.println("Items: " + request.getParameter("WEEKDAY"));
pstmt.setTime(5,
new Time(timeFormat.parse(request.getParameter("starttime"))
.getTime()));
pstmt.setTime(6,
new Time(timeFormat.parse(request.getParameter("endtime"))
.getTime()));
pstmt.executeUpdate();
I use out.print to test. find out that getparameter works not right. It can give me the weekday data but cannot give me starttime data. The database give starttime time type
Related
So I want to create a database for Users and insert values into the fields using variable. Initially I tried using it calling the do function, but it wasn't reading the variables properly so I decided to just use prepare and execute separately. This is my code:
$dbh->do("DROP TABLE IF EXISTS Users");
$dbh->do("CREATE TABLE Users(
zid TEXT,
Name TEXT,
Email TEXT,
password TEXT,
Mates TEXT,
Program TEXT,
Courses TEXT,
Suburb TEXT,
Birthday TEXT)");
$zid = "z33432523";
$name = "John Doe";
$email = "email#gmail.com";
$password = "alien";
$mates = "z3459148 z3458291";
$program = "";
$courses = "";
$suburb = "";
$birthday = "13/5/1992";
$sth = $dbh->prepare('INSERT INTO Users VALUES (?, ?, ?, ?, ?. ?, ?, ?, ?)');
$sth->execute($zid, $name, $email, $password, $mates, $program, $courses, $suburb, $birthday);
$dbh->disconnect();
However, if I try running this code I get the following error:
DBD::SQLite::db prepare failed: near ".": syntax error at ./dbm.pl line 35.
I'm not sure exactly what the problem is?
near ".": syntax error
INSERT INTO Users VALUES (?, ?, ?, ?, ?. ?, ?, ?, ?)
^
I need the passwords going into my derby database to be hash values they are currently strings. How can I achieve this?
String sql = "insert into MPP_USERS "
+ " (LAST_NAME, FIRST_NAME,EMAIL_ADDRESS,PASSWORD)" + " values (?, ?, ?, ?)";
ps= con.prepareStatement(sql);
ps.setString(1, lastname);
ps.setString(2, firstname);
ps.setString(3, email);
ps.setString(4,password);
System.out.println("Insert complete.");
ps.executeUpdate();
System.out.println("Insert complete.");
Also how do you validate the hash value when the user logs in? here is my validate method.
con = DataConnect.getConnection();
ps = con.prepareStatement("Select EMAIL_ADDRESS,PASSWORD from MPP_USERS where EMAIL_ADDRESS = ? and PASSWORD = ? ");
ps.setString(1, email);
ps.setString(2, password);
ResultSet rs = ps.executeQuery();
if (rs.next()) {
//result found, means valid inputs
return true;
}
PreparedStatement pstmt = conn.prepareStatement(
"INSERT INTO discussion(section_id, weekday, room, mandatory, starttime,endtime)
VALUES ( ?, ?, ?, ?, ?, ?)");
pstmt.setInt(1, Integer.parseInt(request.getParameter("SECTION_ID")));
pstmt.setString(2, request.getParameter("WEEKDAY"));
pstmt.setString(3, request.getParameter("ROOM"));
pstmt.setString(4, request.getParameter("MANDATORY"));
pstmt.setString(5, request.getParameter("starttime"));
pstmt.setString(6, request.getParameter("endtime"));
right now I set the starttime and endtime in database as time without timezone type
if I use setTime to get the endtime and startime. how to modify this code
I didn't use any class here. I don't think I can use method here
the data is from user input
Suppose your dateString intered by user is in format dd-MMM-yyyy HH:mm:ss
Then you can use setDate like this
private static final String TIME_FORMAT = "HH:mm:ss";
public static final SimpleDateFormat timeFormat = new SimpleDateFormat(TIME_FORMAT, Locale.getDefault());
pstmt.setTime(5,new Time(timeFormat.parse(request.getParameter("starttime")).getTime()));
Hope this will help
1.you should this method:
PreparedStatement pstmt;
pstmt = con.prepareStatement("INSERT INTO table_name (starttime,endtime)VALUES(?,?)");
pstmt.setTimestamp(1, new java.sql.Timestamp(new java.util.Date().getTime));
pstmt.setTimestamp(2, new java.sql.Timestamp(new java.util.Date().getTime));
pstmt.executeUpdate();
sample:
PreparedStatement pstmt;
pstmt = con.prepareStatement("INSERT INTO table_name (col_name)VALUES(?)");
pstmt.setTimestamp(1, new java.sql.Timestamp(new java.util.Date().getTime));
pstmt.executeUpdate();
2.Another one interesting answer:
You can use SimpleDateFormat to parse a String in the given pattern to a java.util.Date object.
Assuming that it's HH:mm, then you can do so:
String time = request.getParameter("time");
Date date = null;
try
{
date = new SimpleDateFormat("HH:mm").parse(time);
}
catch (ParseException e)
{
request.setAttribute("time_error", "Please enter time in format HH:mm");
}
Once having the java.util.Date object, you can store it in a TIME column by converting it to java.sql.Time and using PreparedStatement#setTime().
PreparedStatement pt;
pt = connection.prepareStatement("INSERT INTO tablename (columname) VALUES (?)");
pt.setTime(1, new Time(date.getTime()));
pt.executeUpdate();
// Create the prepared statement and use it to
// INSERT the student attributes INTO the Student table.
PreparedStatement pstmt = conn.prepareStatement(
"INSERT INTO Review VALUES (?, ?, ?, ?)");
pstmt.setInt(1, Integer.parseInt(request.getParameter("section_id")));
pstmt.setString(2, request.getParameter("quarter"));
pstmt.setInt(3, Integer.parseInt(request.getParameter("year")));
pstmt.setTime(4, ????)
Can anyone tell me how can i read values with the type Time?? Lets say time like "16:34"? How can I define a pattern and read it?
You need to do this.
public static java.sql.Time getCurrentJavaSqlTime(String time) {
Date date = new SimpleDateFormat("HH:mm", Locale.ENGLISH).parse(time); //Convert to Date
return new java.sql.Time(date.getTime()); //Now to time
}
java.sql.Time time = getCurrentJavaSqlTime("16:34");
System.out.println("time=" + time);
pstmt.setTime(4,time);
Use format patterns to work with yout String.
H Hour in day (0-23) Number 0
k Hour in day (1-24) Number 24
K Hour in am/pm (0-11) Number 0
h Hour in am/pm (1-12) Number 12
m Minute in hour Number 30
To obtain from user try this
java.sql.Time time = getCurrentJavaSqlTime((String)request.getParameter("time"));
pstmt.setTime(4,time);
I saw this example somewhere:
rs = connection.prepareStatement("select * from table").executeQuery();
Could I use this format, if I want to execute a query like this "Select * from table where column = "hello" "?
The way in which I usual I use prepareStatement object is something like this:
String sql = "select * from adresa where column = ?";
PreparedStatement pre = con.prepareStatement(sql);
pre.setString(1, i);
rs = pre.executeQuery();
Later Edit:
I don't understand. Pascal Thivent wrote that I can use the short version with In parameters, but Liu tells me this is not possible. :) Anw, using Pascal's version, i receive this error: void cannot be dereferenced
Here's a partial example how to use this interface:
static final String USER = "root";
static final String PASS = "newpass";
Connection conn = DriverManager.getConnection(myUrl, USER, PASS);
// create a sql date object so we can use it in our INSERT statement
Calendar calendar = Calendar.getInstance();
java.sql.Date startDate = new java.sql.Date(calendar.getTime().getTime());
// the mysql insert statement
String query = " insert into students (ID, last_name, first_name, birthday, hometown)"
+ " values (?, ?, ?, ?, ?)";
// create the mysql insert preparedstatement
PreparedStatement preparedStmt = conn.prepareStatement(query);
preparedStmt.setInt(1, 808027);
preparedStmt.setString(2, "Davis");
preparedStmt.setString(3, "Felicita");
preparedStmt.setDate(4, startDate);
preparedStmt.setString(5, "Venice");
// execute the preparedstatement
preparedStmt.execute();
conn.close();
You can only use the first form if there are no bind variables (question marks) in the query. It's just a shortened version of what you posted.
Also, if you use the shortened form you won't have the opportunity to reuse the PreparedStatement object.
of course u can use a string variable for the query in which u put in ur dynamic data and run it.
rs = connection.prepareStatement(variable).executeQuery();
The long form is often, but prepared statements can be precompiled by the db, and if used properly will help prevent sql injection.
Connection conn = null;
ResultSet rs = null;
PreparedStatement ps = null;
try {
conn = getConn();
ps = conn.prepareStatement("select * from x where y = ? "); //note no sb.append()'s or +'s, to helps prevent sql injection
ps.setLong(1, 12l);
rs = ps.executeQuery();
while (rs.next()) {
... act ...
}
} catch ( Exception e) {
} finally {
if (rs != null) rs.close();
if (ps != null) ps.close();
if (conn != null) conn.close();
}
Who said java was verbose. :)