How can I make an prepared statement of this one?
Statement stmt = con.createStatement();
long lastid = getLastId(stmt);
// create a SQL query
String strQuery = "INSERT INTO studenten " +
" (id, naam, adres, postcode, plaats, geboren) " +
" VALUES (" + (lastid+1) + "," +
"'" + contact.getNaam() + "'," +
"'" + contact.getAdres() + "'," +
"'" + contact.getPostcode() + "'," +
"'" + contact.getPlaats() + "'," +
"{d '" + contact.getGeboren() + "'}" +
") ";
stmt.executeUpdate(strQuery);
stmt.close();
con.close();
You need to substitute values with question marks ?
as placeholders.
String sql = "INSERT INTO studenten (id, naam, adres, postcode, plaats, geboren)"
+ " VALUES (?, ?, ?, ?, ?, ?)";
Connection connection = null;
PreparedStatement statement = null;
try {
connection = database.getConnection();
statement = connection.prepareStatement(sql);
statement.setLong(lastId + 1); // Why don't you use an generated sequence? This is plain ugly and errorprone.
statement.setString(contact.getNaam());
statement.setString(contact.getAdres());
statement.setString(contact.getPostcode());
statement.setString(contact.getPlaats());
statement.setDate(new java.sql.Date(contact.getGeboren().getTime())); // Assuming it returns java.util.Date
statement.executeUpdate();
} finally {
// Always close in finally to prevent resource leaks.
if (statement != null) try { statement.close(); } catch (SQLException ignore) {}
if (connection != null) try { connection.close(); } catch (SQLException ignore) {}
}
Here is a better way to do it:
String sql = "INSERT INTO studenten (id, naam, adres, postcode, plaats, geboren)"
+ " VALUES (?, ?, ?, ?, ?, ?)"
try {
connection = database.getConnection();
statement = connection.prepareStatement(sql);
statement.setLong(1,your_id_value);
statement.setString(2,contact.getNaam());
statement.setString(3,contact.getAdres());
statement.setString(5,contact.getPlaats()); // order doesn't matter now you can give the index of the parameter
statement.setString(4,contact.getPostcode());
statement.setDate(6,getGeboren());
statement.executeUpdate();
// or System.out.println(statement.executeUpated()) to see how many row are effected by this query
statement.close();
} catch(java.sql.Exception sql_exception ){
//you can see what goes wrong here with your statement
e.printStackTrace();
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With