Solved

JSP Problems with Apostrophes (URGENT)

Posted on 2004-10-04
11
425 Views
Last Modified: 2008-03-06
I am trying to insert text and numbers from a form, but the apostrophes mess it up (i.e., Michael's problem)
I ahve never implemented a PreparedStatement, so I am a little lost...

Can someone please help me out with my code and point out what I SHOULD be doing?

Here is my code:
<%
$MYSQL_edit = "UPDATE picture SET name='" + $name + "',locations='" + $locations + "',url='" + $url + "' WHERE id=" + $next_num;

Connection conn = null;
try{
  Class.forName("oracle.jdbc.driver.OracleDriver");
  conn = DriverManager.getConnection("jdbc:oracle:thin:@10.2.2.15:1521:WEBDEV","infusion","iggy");
  Statement stmt = conn.createStatement();

********PROBLEM AREA ********
  PreparedStatement editStatement = conn.prepareStatement($MYSQL_edit);

  //  change these to the right data types
  editStatement.setInt(1,$next_num);
  editStatement.setString(2, $name);
  editStatement.setInt(3, $locations);
  editStatement.setString(4, $url);

  ResultSet rs2 = editStatement.executeUpdate();
********PROBLEM AREA ********

}catch(SQLException e){
  out.println("SQLException("+$zone+"-edit): " + e.getMessage() + "<BR>");
  while((e = e.getNextException()) != null)
    out.println(e.getMessage() + "<BR>");
}catch(ClassNotFoundException e) {
  out.println("ClassNotFoundException("+$zone+"-edit): " + e.getMessage() + "<BR>");
}finally {
  //Clean up resources, close the connection.
  if(conn != null) {
    try {
      conn.close();
    }catch (Exception ignored) {}
  }
}
%>


This is my error message:
Error 500: Unable to compile class for JSP An error occurred between lines: 21 and 23 in the jsp file: /ism/site/edit.jsp Generated servlet error: d:\WebSphere\AppServer\PATH GOES HERE\_index.java:910: setInt(int,int) in java.sql.PreparedStatement cannot be applied to (int,java.lang.String) editStatement.setInt(3, $locations); ^ An error occurred between lines: 27 and 30 in the jsp file: /ism/site/edit.jsp Generated servlet error: d:\WebSphere\AppServer\PATH GOES HERE\_index.java:927: incompatible types found : int required: java.sql.ResultSet ResultSet rs2 = editStatement.executeUpdate(); ^ 2 errors
0
Comment
Question by:mderbin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
11 Comments
 
LVL 92

Expert Comment

by:objects
ID: 12223805
> $MYSQL_edit = "UPDATE picture SET name='" + $name + "',locations='" + $locations + "',url='" + $url + "' WHERE id=" + $next_num;

should be:

$MYSQL_edit = "UPDATE picture SET name=?,locations=?,url=? WHERE id=?";
0
 
LVL 92

Expert Comment

by:objects
ID: 12223810
>  editStatement.setInt(1,$next_num);
>  editStatement.setString(2, $name);
>  editStatement.setInt(3, $locations);
>  editStatement.setString(4, $url);

and that should be:

  editStatement.setString(1, $name);
  editStatement.setInt(2, $locations);
  editStatement.setString(3, $url);
  editStatement.setInt(4,$next_num);
0
 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12223822
$MYSQL_edit = "UPDATE picture SET name='" + $name + "',locations='" + $locations + "',url='" + $url + "' WHERE id=" + $next_num;

should be

$MYSQL_edit = "UPDATE picture SET name=?,locations=?,url=? WHERE id=?";
0
[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12223828
and make sure that $locations and $next_num have type int
0
 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12223831
:) objects, you are so fast.
0
 
LVL 92

Expert Comment

by:objects
ID: 12223850
:)
0
 

Author Comment

by:mderbin
ID: 12230166
OK, I implemented your changes, so now my code looks like this:

String $url = "";
String $locations = "0";  
int $locations_int = 0;
int $next_num = 0;
$next_num = Integer.parseInt(request.getParameter("edit"));

-----------// O'Reilly Enumeration Script is included below//-------------------------------
if($parm_name.equals("locations")){
  $locations = $parm_value;
  $locations_int = Integer.parseInt($locations);
}
if($parm_name.equals("url")){ $url = $parm_value; }
if($parm_name.equals("name")){ $name = $parm_value; }
-----------// O'Reilly Enumeration Script is included above //-----------------------------


$MYSQL_edit = "UPDATE picture SET name=?,locations=?,url=? WHERE id=?";

-----------// Code snipit from edit.jsp below //-----------------------------
PreparedStatement editStatement = conn.prepareStatement($MYSQL_edit);
//  change these to the right data types
editStatement.setString(1, $name);
editStatement.setInt(2, $locations_int);
editStatement.setString(3, $url);
editStatement.setInt(4, $next_num);
ResultSet rs2 = editStatement.executeUpdate();
-----------// Code snipit from edit.jsp above //-----------------------------

And this is my new error:
Error 500: Unable to compile class for JSP An error occurred between lines: 6 and 33 in the jsp file: /ism/site/edit.jsp Generated servlet error: d:\WebSphere\AppServer\temp\usrlwsdev\server1\globalis_war\globalis.war\ism\_index.java:879: incompatible types found : int required: java.sql.ResultSet ResultSet rs2 = editStatement.executeUpdate(); ^ 1 error

Am I still missing something?
Is there any way I can prove that those ints are really ints?
Thanks in advance, and thanks for what you already have done!
-MD
0
 
LVL 92

Accepted Solution

by:
objects earned 500 total points
ID: 12231936
> ResultSet rs2 = editStatement.executeUpdate();

updates don't return a result set.
should be:

int rows = editStatement.executeUpdate();
0
 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12233584
You declare

int $locations_int = 0;
int $next_num = 0;

It's int type. I think everything is ok.
0
 

Author Comment

by:mderbin
ID: 12234085
Thanks - You Rock!
MD
0
 
LVL 92

Expert Comment

by:objects
ID: 12234120
(:
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Choosing a core focus or particular set of features and options can be tough. To help out, we’re going to highlight a handful of things your business needs on one of your social media pages. In other words, if one of these is missing, you should imp…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question