Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SQLException: executeQuery method can not be used for update

I am trying to insert user information taken from a registration form into Derby DB using a java servlet class.

I get connected to the DB on NetBeans right after the user clicks the submit button with the user's information filled out. Then it should run this method:

public void insertNewUser(String userName, String passWord, String lastName, String firstName, String age, char sex, String email) {
    try {
        stmt = conn.createStatement();
        String insertNewUserSQL = "INSERT INTO " + studentsTable + " VALUES ('" + userName + "', '" + passWord + "', '" + lastName + "', '" + firstName + "', " + age + ", '" + sex + "', '" + email + "')";
        System.out.println(insertNewUserSQL);
        stmt.executeQuery(insertNewUserSQL);
        stmt.close();
    } catch(SQLException sqlExcept) {
        sqlExcept.printStackTrace();
    }
}

But I keep getting the following exception:

java.sql.SQLException: executeQuery method can not be used for update.

What does this mean exactly?

The SQL command is correct as I can do it manually on NetBeans SQL Command window.

Are there restrictions for servlets or something I don't know about?

Thanks in advance!

like image 308
danksim Avatar asked Apr 15 '13 02:04

danksim


People also ask

Can we use executeQuery for update?

SQLException with message “executeQuery method can not be used for update”. Statement executeUpdate(String query) is used to execute Insert/Update/Delete (DML) statements or DDL statements that returns nothing.

What is difference between executeQuery () and executeUpdate () methods?

executeUpdate() : This method is used for execution of DML statement(INSERT, UPDATE and DELETE) which is return int value, count of the affected rows. executeQuery() : This method is used to retrieve data from database using SELECT query.

What type of value is returned by the executeQuery () method?

Output. executeQuery(): This method is used to execute statements that returns tabular data (example select). It returns an object of the class ResultSet.

What executeQuery () method will after executing the statement?

executeQuery : Returns one ResultSet object. executeUpdate : Returns an integer representing the number of rows affected by the SQL statement. Use this method if you are using INSERT , DELETE , or UPDATE SQL statements.


2 Answers

Since you are inserting a record, you should be using executeUpdate() not executeQuery().

Here are some methods that are usually misused:


boolean execute()

Executes the SQL statement in this PreparedStatement object, which may be any kind of SQL statement.

ResultSet executeQuery()

Executes the SQL query in this PreparedStatement object and returns the ResultSet object generated by the query.

int executeUpdate()

Executes the SQL statement in this PreparedStatement object, which must be an SQL INSERT, UPDATE or DELETE statement; or an SQL statement that returns nothing, such as a DDL statement.


One more thing, your query is weak as it is vulnerable with SQL Injection. Please do parameterized by using PreparedStatement.

Sample Code Snippet:

String insertNewUserSQL = "INSERT INTO " + studentsTable + " VALUES (?, ?, ?, ?, ?, ?, ?)";
PreparedStatement pstmt = con.prepareStatement(insertNewUserSQL);
pstmt.setString(1, userName);
// ... repeat this step until the last parameter ....
pstmt.setString(7, email);
pstmt.executeUpdate();
  • Java PreparedStatement
like image 176
John Woo Avatar answered Oct 17 '22 05:10

John Woo


To update values you need to use an updatable ResultSet, as follows:

ResultSet res = preparedStatement.executeQuery(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_UPDATABLE);
res.first();
res.updateInt("id", 2);
res.updateRow();

Alternatively, you can use the executeUpdate method of statement, as follows: statement.executeUpdate("update table set id = 2");

like image 45
hd1 Avatar answered Oct 17 '22 06:10

hd1