Code for Display Calculation salary slip code for eid

 
Greenhorn
Hello sir, I am trying to write code to display a salary slip. This code is used for inputting an eid and displaying the salary slip, but I have no idea what I should do.
<%--
Document : Salary
Created on : Mar 24, 2012, 11:27:02 PM
Author : Rushi
--%>

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@ page import="java.sql.*" language="java" %>
<%@ page import="java.io.*"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Salary Result</title>
</head>
<body>
<%
Connection con = null;
Statement stmt = null;
ResultSet rs = null;
try
{
    // values posted from the input form; the salary components
    // (hra, da, pf, gross, net) are still to be calculated from salary
    String eid2 = request.getParameter("eid");
    String uname1 = request.getParameter("uname");
    String salary1 = request.getParameter("salary");

    Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
    con = DriverManager.getConnection("jdbc:odbc:Employee", "system", "tiger");
    stmt = con.createStatement();
    // the eid request parameter is concatenated straight into the SQL text
    rs = stmt.executeQuery("select * from EMPLOYEE where eid=" + eid2);
    if (rs.next())
    {
%>
<table border="1" align="center">
<tr><td>EID</td><td><input type="text" value="<%=rs.getString("eid")%>"> </td></tr>
<tr><td>Uname</td><td><input type="text" value="<%=rs.getString("uname")%>"> </td></tr>
</table>
<%
        // calculation of hra, da, pf, gross and net for this row goes here
    }
    else
    {
%>
<p>No employee found for that eid.</p>
<%
    }
}
catch (Exception e)
{
    out.println("Error: " + e.getMessage());
}
finally
{
    // release the JDBC resources whether or not the query succeeded
    try { if (rs != null) rs.close(); } catch (SQLException ignore) { }
    try { if (stmt != null) stmt.close(); } catch (SQLException ignore) { }
    try { if (con != null) con.close(); } catch (SQLException ignore) { }
}
%>
</body>
</html>
After inputting the eid, show ename
and the calculation of hra, da, pf, gross, nsal.
Suddenly blank, please help me sir.
And saving to another table.
Thank you
 
Saloon Keeper
You need to read up urgently on what SQL injection is, and how to prevent it.
 
Ranch Hand
this must be
 
Sheriff
No it doesn't. First of all, the () pair is completely useless. It's only required for nesting (mostly of WHERE clauses) and function calls, and your example shows neither. The '' pair is also unnecessary if the employee ID is a numeric value. There still is the danger of SQL injection, but your code doesn't solve that at all.
 
Sachin Kadian
Ranch Hand
I am not talking about the pair of () but about ' '.. we must enclose variables in '"++"', I think....
 
Sheriff
Sachin Kadian wrote: I am not talking about the pair of () but about ' '.. we must enclose variables in '"++"', I think....

No. This is only true for text literals; numeric literals go without quotes.

The code might be working even with numbers enclosed in quotes, but this introduces another potential bug related to implicit conversion. However, compared to the SQL injection vulnerability, this is an insignificant issue.
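Added example, not code from the thread: a Python script using the standard sqlite3 module as a stand-in for the JSP's JDBC/ODBC connection, with a constructed EMPLOYEE table (the column set and employee rows are made up for the example). It runs the three ways of building the query discussed above, bare concatenation as in the original JSP, the single-quoted concatenation proposed as a fix, and a parameterized query bound to an integer (the JDBC equivalent is PreparedStatement with setInt), against a normal eid and against two injected values, to show that adding quotes only changes which payload works and that only the parameterized version is safe.

```python
import sqlite3

# Constructed sample rows for the EMPLOYEE table the JSP queries (not real data).
EMPLOYEES = [
    (101, "rushi", 30000),
    (102, "sachin", 42000),
    (103, "rob", 55000),
]


def open_db():
    """In-memory stand-in for the jdbc:odbc:Employee database."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE EMPLOYEE (eid INTEGER PRIMARY KEY, uname TEXT, salary INTEGER)"
    )
    con.executemany("INSERT INTO EMPLOYEE VALUES (?, ?, ?)", EMPLOYEES)
    return con


def concat_unquoted(con, eid_param):
    """Same construction as the JSP: "select * from EMPLOYEE where eid=" + eid2.
    The request parameter becomes part of the SQL grammar."""
    sql = "select * from EMPLOYEE where eid=" + eid_param
    return con.execute(sql).fetchall()


def concat_quoted(con, eid_param):
    """The proposed 'fix': wrap the value in single quotes. The parameter is
    now a text literal, so a payload only needs its own quote to break out."""
    sql = "select * from EMPLOYEE where eid='" + eid_param + "'"
    return con.execute(sql).fetchall()


def parameterized(con, eid_param):
    """Check the type first, then bind the value as a query parameter.
    JDBC equivalent:
        PreparedStatement ps = con.prepareStatement(
            "select * from EMPLOYEE where eid=?");
        ps.setInt(1, Integer.parseInt(eid2));
    The value travels separately from the SQL text, so it is never parsed
    as SQL, whatever characters it contains."""
    try:
        eid = int(eid_param)  # eid is numeric in the schema; anything else is rejected
    except ValueError:
        raise ValueError("eid must be an integer, got %r" % eid_param) from None
    return con.execute("select * from EMPLOYEE where eid=?", (eid,)).fetchall()


if __name__ == "__main__":
    con = open_db()
    for label, fn in (("unquoted", concat_unquoted),
                      ("quoted", concat_quoted),
                      ("parameterized", parameterized)):
        for value in ("102", "102 OR 1=1", "' OR '1'='1"):
            try:
                rows = fn(con, value)
                print("%-13s %-14r -> %d row(s)" % (label, value, len(rows)))
            except (ValueError, sqlite3.Error) as e:
                print("%-13s %-14r -> rejected (%s)" % (label, value, e))
```

With the unquoted query, `102 OR 1=1` returns every employee; with the quoted query that payload returns nothing, but `' OR '1'='1` returns every employee instead, so the quotes block one payload and invite another. The quoted query still matches a plain `102` only because SQLite silently converts the text literal to a number when comparing it with an INTEGER column; that is the implicit conversion mentioned in the reply above, and other databases may treat the comparison differently, so the parameterized query with an integer parameter is the only version that is both correct and safe.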
 