insert problem with mysql

espresso

I have a MySQL table with two columns, DeptNo and DeptName. I am
making inserts from Java code with the following, where the variables
are populated with text from a JTextField:

sqlString = "INSERT INTO department SET DeptNo= '" + deptno + "' + ','
+ 'DeptName=' + '" + deptname + "'";
int result=0;

result= dbc.executeUpdate(sqlString);

Each time I do this insert I get a result of one--successful
insert--but only the deptno value gets inserted into the database. The
DeptName field is blank.
I have also tried this with a prepared statement to test if there is
something wrong with my sqlString, but I get the same result.

Any ideas what is happening here?

Thanks
 
Ryan Stewart

espresso said:
I have a MySQL table with two columns, DeptNo and DeptName. I am
making inserts from Java code with the following, where the variables
are populated with text from a JTextField:

sqlString = "INSERT INTO department SET DeptNo= '" + deptno + "' + ','
+ 'DeptName=' + '" + deptname + "'";
int result=0;

result= dbc.executeUpdate(sqlString);

Each time I do this insert I get a result of one--successful
insert--but only the deptno value gets inserted into the database. The
DeptName field is blank.
I have also tried this with a prepared statement to test if there is
something wrong with my sqlString, but I get the same result.

So if you get the same result both ways... doesn't that make you think there
might be something wrong with your SQL? Have you checked the String to see
what you're trying to execute? If so, you'd find this:
INSERT INTO department SET DeptNo= '5' + ',' + 'DeptName=' + 'blah'


If you expect that to work, you need to read up on SQL.
 
Sudsy

espresso said:
Ryan Stewart wrote:
So if you get the same result both ways... doesn't that make you think there
might be something wrong with your SQL? Have you checked the String to see
what you're trying to execute? If so, you'd find this:
INSERT INTO department SET DeptNo= '5' + ',' + 'DeptName=' + 'blah'


If you expect that to work, you need to read up on SQL.

Further, that's not even the correct standard syntax for an SQL insert
statement. It should look like this:
INSERT INTO tablename [ ( columname [ , ... ] ) ]
VALUES ( value [ , ... ] )

As Ryan noted, you should really study SQL syntax.
 
Tony Morris

sqlString = "INSERT INTO department SET DeptNo= '" + deptno + "' + ','

Looks like a good candidate for a SQL injection attack (i.e. broken code).
You might want to look at using a java.sql.PreparedStatement.

--
Tony Morris
(BInfTech, Cert 3 I.T.)
Software Engineer
(2003 VTR1000F)
Sun Certified Programmer for the Java 2 Platform (1.4)
Sun Certified Developer for the Java 2 Platform
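
The java.sql.PreparedStatement approach suggested above, combined with the standard INSERT ... VALUES syntax from the earlier reply, as an added example that is not part of the original thread. The class and method names are hypothetical, the sample input is constructed, and the JDBC URL, user and password are assumed to be supplied on the command line for your own test database.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class DepartmentInsert {

    // Concatenated form, corrected to INSERT ... VALUES syntax but still
    // unsafe: the text field contents become part of the SQL statement.
    static String concatenated(String deptno, String deptname) {
        return "INSERT INTO department (DeptNo, DeptName) VALUES ('"
                + deptno + "', '" + deptname + "')";
    }

    // Parameterized form: the statement text is fixed and the values are
    // bound as data, so quotes in the input cannot change the statement.
    static int insert(Connection conn, String deptno, String deptname)
            throws SQLException {
        String sql = "INSERT INTO department (DeptNo, DeptName) VALUES (?, ?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, deptno);
            ps.setString(2, deptname);
            return ps.executeUpdate(); // 1 when the row was inserted
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample input: an ordinary name containing an apostrophe.
        String deptno = "5";
        String deptname = "Dean's Office";

        // The apostrophe ends the string literal early, so the printed SQL
        // is no longer the statement the programmer intended.
        System.out.println(concatenated(deptno, deptname));

        // Optional: pass a JDBC URL, user and password (assumed values for
        // a test database) to run the parameterized insert.
        if (args.length == 3) {
            try (Connection conn =
                    DriverManager.getConnection(args[0], args[1], args[2])) {
                System.out.println("rows inserted: "
                        + insert(conn, deptno, deptname));
            }
        }
    }
}
```

Run without arguments, it only prints the concatenated statement so the broken quoting is visible; with a database connection, the parameterized insert stores the name including its apostrophe.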
 
