polling in jsp

 
kanan devi
Greenhorn
Posts: 9
Please tell me, is it correct code?

<%@ page import="java.sql.*" %>
<%
try
{
    // Load the SQL Server JDBC driver and open a connection
    Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver");
    Connection conn = DriverManager.getConnection("jdbc:microsoft:sqlserver://database:1433","sa","123");
    // Build the INSERT by concatenating radioVal into the SQL text
    String sql1 = "INSERT INTO tab.dbo.poll (a) VALUES ('"+radioVal+"')";
    Statement st1=conn.createStatement();
    st1.executeUpdate(sql1);
    st1.close();
    conn.close();
}
catch(Exception ex)
{
    out.println(ex.getMessage());
}
%>


Thanks for your help.
 
Freddy Wong
Ranch Hand
Posts: 959
Eclipse IDE Java Linux
To me, that code seems like inserting a record into the database. By the way, instead of asking whether the code is right or wrong, have you tried to run it and see if it's correct?
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 35279
384
Eclipse IDE Java VI Editor
Kanan,
Two best practices:
1) Use a PreparedStatement (with a question mark) rather than string appending the option in. This presents SQL injection attacks where someone can execute arbitrary SQL code.
2) Keep SQL code out of a JSP. It really should be in a Java class (called from a servlet not a JSP.)

As for right and wrong, it depends what you want the code to do.
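
Both practices from the reply above, as an added example (not code from any poster in this thread): the insert is moved into a plain Java class that a servlet can call, and it uses a PreparedStatement with a bind placeholder. The class name PollDao, its constructor arguments, the empty-value check and the "poll" parameter name in the comment are assumptions; the table and column names come from the question.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

/** Hypothetical helper class: keeps the poll SQL out of the JSP. */
public class PollDao {
    // The ? is a bind placeholder; the SQL text itself never changes.
    private static final String INSERT_VOTE =
            "INSERT INTO tab.dbo.poll (a) VALUES (?)";

    private final String jdbcUrl;
    private final String user;
    private final String password;

    public PollDao(String jdbcUrl, String user, String password) {
        this.jdbcUrl = jdbcUrl;
        this.user = user;
        this.password = password;
    }

    /** Stores one vote; returns the number of rows inserted (1 on success). */
    public int recordVote(String radioVal) throws SQLException {
        if (radioVal == null || radioVal.isEmpty()) {
            throw new IllegalArgumentException("no poll option selected");
        }
        // try-with-resources closes the statement and connection even on error.
        try (Connection conn = DriverManager.getConnection(jdbcUrl, user, password);
             PreparedStatement ps = conn.prepareStatement(INSERT_VOTE)) {
            // The value is sent as data, so quotes in it cannot alter the statement.
            ps.setString(1, radioVal);
            return ps.executeUpdate();
        }
    }
}

// Hypothetical call from a servlet's doPost (parameter name "poll" is assumed):
//   new PollDao(url, user, password).recordVote(request.getParameter("poll"));
```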
 