Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Error attempting to submit data via a form

 
Gordon Emerson
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all, I'm doing a very basic sign up page for myself and have run into a bit of bother. I have an SQL Database called "project", which has a table called "users" containing 2 fields - userName and password (very original I know), and a form which uses JSP to submit data to that database, to a table called users in particular.
I can connect to the table in the database fine - if I access the page the data should be processed to, two blank values are added to the table. But when I attempt to submit the data via a form I get the following -
java.sql.SQLException: [Microsoft][ODBC Microsoft Access Driver] Too few parameters


This is the JSP page that submits the data (I've taken out the unecessary HTML tags) :

<%@ page import="java.sql.*" %>

<%
String userName=request.getParameter("userName");
String password=request.getParameter("password");
%>


<%
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection con = DriverManager.getConnection("jdbcdbc:project");

Statement stmt = con.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE, ResultSet.CONCUR_UPDATABLE);
ResultSet rs = stmt.executeQuery("SELECT * FROM users");

String sqlStatement = "INSERT INTO users(userName,password) VALUES ("+userName+","+password+")";
stmt.executeUpdate(sqlStatement);

con.close();
%>

And this is the form that should send the data to the above:

<%@ page import="java.sql.*" %>

<form action="/project/signup.jsp" method="post">
<br/>
Enter your username:
<input type="text" name="userName"><br/>

And password:
<input type="password" name="password"><br/>

<input type="submit" name="submit" value="Submit now"><br/>

</form>


I'm sure I'm making some terribly amateur mistake, so any help/derision would be much appreciated!
[ April 30, 2008: Message edited by: Gordon Emerson ]
 
Jan Cumps
Bartender
Posts: 2608
14
C++ Linux Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

should be

small notes:
1: it is not the best practice to update your database from within a JSP page.
2: please have a look at PreparedStatement. It is better to use parameters in your query than to paste the values of form parameters directly into the sql string (sql injection danger)

Regards, Jan
 
Gordon Emerson
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jan you're an absolute life saver, thank you!

And regards the notes, I'm very aware of the security risks in the way I'm creating it, but it's really just for my own local use and will be built upon in time. But thanks for the pointers!
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic