• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Checking the condition of the resultSet

 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hello,
I want to do a condition as follows:
if the category_name exist in the table of my database, an exception display
else the category_name entred will be stocked in the database.
I created a form as follows:

and at the servlet :

My problem is when i enter a name doesn't exist, an exception dispaly even if i enter a name exist in a database the same error dispaly :

 
Ulf Dittmer
Rancher
Posts: 42969
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Line 10 of the servlet code looks wrong. Print out the DB statement that gets sent to the DB, and try running that directly against the DB. Why aren't you using a PreparedStatement?
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ulf Dittmer wrote:Line 10 of the servlet code looks wrong. Print out the DB statement that gets sent to the DB, and try running that directly against the DB. Why aren't you using a PreparedStatement?

The statement "Select * from category where category_name="+name correct when i enter it in the PgAdmin III.
Should i use executeUpdate instead of PreparedStatement ?
 
Ulf Dittmer
Rancher
Posts: 42969
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is "category_name" not a character data type? If it is, then that statement is *not* correct, you need to use single quotes.
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
category_name it's the name of column .
And when i use a single quote, an error message display "Invalid character "
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It's Ok now,
I found the solution :
 
Ulf Dittmer
Rancher
Posts: 42969
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That is a rather bad solution. The good solution would be to use a PreparedStatement like I suggested. You're using one for the other SQL statement; why not for this one?
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Do you mean, i should use PreparedStatement for the two statment ?
 
Ulf Dittmer
Rancher
Posts: 42969
73
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You should get in the habit of generally using PreparedStatement, and particularly so in web apps. Besides not having to mess with quotes and such, it's a security measure against SQL injection attacks. (If you don't know what that is, don't worry about it for now, but do start using PreparedStatement.)
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ulf Dittmer wrote:You should get in the habit of generally using PreparedStatement, and particularly so in web apps. Besides not having to mess with quotes and such, it's a security measure against SQL injection attacks. (If you don't know what that is, don't worry about it for now, but do start using PreparedStatement.)

Thank you, i'll change it right away
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How can i make the condition
 
Ulf Dittmer
Rancher
Posts: 42969
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Where is the code that retrieves the ResultSet?
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I delet it, must have both ?
 
Sarra Sakka
Ranch Hand
Posts: 283
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
like this :
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic