#1
I'm creating a web application on attendance, in which a user, after selecting the subject and month, gets the info of all the students who have taken that subject. My problem is I'm able to get the multiple students with the text box where a user can put up his monthly attendance. How do I insert the info in the database... at the same time after filling in the info? The snapshot of the code is here... Here I'm getting the roll no. along with the text box..

Code:
String str1 = "select roll_no from student where sem_id = (select "
        + "sem_id from subject where course_id ='bsc_it' and sub_id = '" + getsub1 + "')";
ResultSet rs = stmt.executeQuery(str1);
%>
<table
align="center" width="" cellpadding="0" cellspacing="0"
border="1" cellspacing="1" cellpadding="1">
<tr>
<td><input type="text" value="Total Lecture" readonly=""/></td>
<td><input type="text" name="total_att" maxlength="2"></td>
</tr>
<tr>
<td><input type="text" value="Student roll no." readonly="" /></td>
</tr>
<% while(rs.next())
{
%>
<%
stu_roll = rs.getString("roll_no");
%>
<tr bordercolor="#CC3366">
<td>
<%
out.println(stu_roll);
%>
</td>
<td>
<input type="text" name="att" />
</td>
</tr>
<%
}
con.close();
}
catch(SQLException e)
{
out.println("Exception in SQL" + e);
}
%>
#2
mak1084@gmail.com wrote:
> [code]
> String str1 = "select roll_no from student where sem_id = (select
> sem_id from subject where course_id ='bsc_it' and sub_id =
> '"+getsub1+"')";

Please don't forget that creating SQL queries with user-specified input incorporates the possibility of an SQL injection attack. Therefore I strongly recommend changing your code to use a PreparedStatement and set the parameters via setInt() or setString() - then your WebApp is secure against such attacks.

http://java.sun.com/docs/books/tutorial/jdbc/basics/prepared.html

Robert
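
The PreparedStatement approach recommended above, applied to the query from the first post and to a batched insert of the per-student values, as an added example that is not code from either poster. The `attendance` table and its columns, the class and method names, and a hidden `roll_no` input submitted beside each `att` input are assumptions; a JDBC `Connection` is supplied by the caller.

```java
import java.sql.*;
import java.util.*;
public class AttendanceDao {
    // Query from the first post, with both ids bound as parameters instead of concatenated.
    static final String ROLLS_SQL = "select roll_no from student where sem_id = "
        + "(select sem_id from subject where course_id = ? and sub_id = ?)";
    // Hypothetical table and columns: the thread does not show an attendance schema.
    static final String INSERT_SQL = "insert into attendance "
        + "(roll_no, sub_id, att_month, total_lectures, attended) values (?, ?, ?, ?, ?)";

    static List<String> rollNumbers(Connection con, String courseId, String subId) throws SQLException {
        List<String> rolls = new ArrayList<>();
        try (PreparedStatement ps = con.prepareStatement(ROLLS_SQL)) {
            ps.setString(1, courseId);
            ps.setString(2, subId);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) rolls.add(rs.getString("roll_no"));
            }
        }
        return rolls;
    }

    // rolls[i] pairs with att[i]; in a JSP or servlet both arrays come from
    // request.getParameterValues("roll_no") and request.getParameterValues("att").
    static int saveAttendance(Connection con, String subId, int month, int total,
                              String[] rolls, String[] att) throws SQLException {
        if (rolls == null || att == null || rolls.length != att.length)
            throw new IllegalArgumentException("roll_no/att count mismatch");
        con.setAutoCommit(false);  // all rows are stored, or none
        try (PreparedStatement ps = con.prepareStatement(INSERT_SQL)) {
            for (int i = 0; i < rolls.length; i++) {
                int attended = Integer.parseInt(att[i].trim()); // rejects non-numeric input
                if (attended < 0 || attended > total)
                    throw new IllegalArgumentException("attendance out of range, row " + i);
                ps.setString(1, rolls[i]);
                ps.setString(2, subId);
                ps.setInt(3, month);
                ps.setInt(4, total);
                ps.setInt(5, attended);
                ps.addBatch();
            }
            int stored = ps.executeBatch().length;
            con.commit();
            return stored;
        } catch (SQLException | RuntimeException e) {
            con.rollback();  // discard the partial batch
            throw e;
        }
    }
}
```

Because hidden form fields are client-controlled, the submitted roll numbers should also be checked against the list returned by `rollNumbers()` for that subject before they are stored.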