• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Liutauras Vilda
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Saloon Keepers:
  • Scott Selikoff
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
  • Frits Walraven
Bartenders:
  • Stephan van Hulst
  • Carey Brown

Error attempting to submit data via a form

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all, I'm doing a very basic sign up page for myself and have run into a bit of bother. I have an SQL Database called "project", which has a table called "users" containing 2 fields - userName and password (very original I know), and a form which uses JSP to submit data to that database, to a table called users in particular.
I can connect to the table in the database fine - if I access the page the data should be processed to, two blank values are added to the table. But when I attempt to submit the data via a form I get the following -
java.sql.SQLException: [Microsoft][ODBC Microsoft Access Driver] Too few parameters


This is the JSP page that submits the data (I've taken out the unecessary HTML tags) :

<%@ page import="java.sql.*" %>

<%
String userName=request.getParameter("userName");
String password=request.getParameter("password");
%>


<%
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection con = DriverManager.getConnection("jdbc:odbc:project");

Statement stmt = con.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE, ResultSet.CONCUR_UPDATABLE);
ResultSet rs = stmt.executeQuery("SELECT * FROM users");

String sqlStatement = "INSERT INTO users(userName,password) VALUES ("+userName+","+password+")";
stmt.executeUpdate(sqlStatement);

con.close();
%>

And this is the form that should send the data to the above:

<%@ page import="java.sql.*" %>

<form action="/project/signup.jsp" method="post">
<br/>
Enter your username:
<input type="text" name="userName"><br/>

And password:
<input type="password" name="password"><br/>

<input type="submit" name="submit" value="Submit now"><br/>

</form>


I'm sure I'm making some terribly amateur mistake, so any help/derision would be much appreciated!
[ April 30, 2008: Message edited by: Gordon Emerson ]
 
Bartender
Posts: 2662
19
Netbeans IDE C++ Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

should be

small notes:
1: it is not the best practice to update your database from within a JSP page.
2: please have a look at PreparedStatement. It is better to use parameters in your query than to paste the values of form parameters directly into the sql string (sql injection danger)

Regards, Jan
 
Gordon Emerson
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Jan you're an absolute life saver, thank you!

And regards the notes, I'm very aware of the security risks in the way I'm creating it, but it's really just for my own local use and will be built upon in time. But thanks for the pointers!
 
Their achilles heel is the noogie! Give them noogies tiny ad!
Smokeless wood heat with a rocket mass heater
https://woodheat.net
reply
    Bookmark Topic Watch Topic
  • New Topic