• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Liutauras Vilda
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Saloon Keepers:
  • Scott Selikoff
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
  • Frits Walraven
Bartenders:
  • Stephan van Hulst
  • Carey Brown

Error in output

 
Ranch Hand
Posts: 42
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, I have created 1 login form
data source name-loginform
table name - loginforms
The table contains 2 fields - name and password. I have created 3 forms. First form name is "Login".In this form , I have placed 2 labels for user name and password, 1 textfield,1passwordfield, and 4 buttons for submit,clear,exit,login.After entering the values , if i click submit button then the values entered will be stored in database.If i click login button, it displays another form namely "LoginPage".
In this form , I have placed 2 labels for user name and password, 1 textfield,1passwordfield, and 2 buttons for submit and update.After entering the values , if i click submit button , it match both username and password , if both matches, it will show another form namely "WelcomePage".otherwise it will display "invalid username and password".
If i click update button, the text entered in passwordfield should be updated instead of old password.
I entered the following code to update the values.but it shows error

It shows the following error
Exception:java.sql.SQLException: [Microsoft][ODBC SQL Server Driver][SQL Server]The name 'password' is not permitted in this context. Only constants, expressions, or variables allowed here. Column names are not permitted.

Can you please tell me how too resolve the error
 
Bartender
Posts: 4568
9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

OK, first of all, that's not the syntax for a SQL INSERT statement - you need to recheck what it ought to look like.

Secondly, even once you've fixed it that's am injection attack waiting to happen. What happens if someone enters a string with a single quote in it, for instance? Your SQL statement will break (possibly with serious consequences). You should never create a SQL statement by sticking strings together like that. Instead, use a PreparedStatement with bind variables. See http://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html for an example of how to do it.
 
Sheriff
Posts: 22818
132
Eclipse IDE Spring Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What do you need to do? Insert a new record, or update an existing? You should use the following syntax for those (for use in PreparedStatement as Matthew suggested):
 
He was expelled for perverse baking experiments. This tiny ad is a model student:
Smokeless wood heat with a rocket mass heater
https://woodheat.net
reply
    Bookmark Topic Watch Topic
  • New Topic