[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

JSP Problems with Apostrophes (URGENT)

Posted on 2004-10-04
11
Medium Priority
?
435 Views
Last Modified: 2008-03-06
I am trying to insert text and numbers from a form, but the apostrophes mess it up (i.e., Michael's problem)
I ahve never implemented a PreparedStatement, so I am a little lost...

Can someone please help me out with my code and point out what I SHOULD be doing?

Here is my code:
<%
$MYSQL_edit = "UPDATE picture SET name='" + $name + "',locations='" + $locations + "',url='" + $url + "' WHERE id=" + $next_num;

Connection conn = null;
try{
  Class.forName("oracle.jdbc.driver.OracleDriver");
  conn = DriverManager.getConnection("jdbc:oracle:thin:@10.2.2.15:1521:WEBDEV","infusion","iggy");
  Statement stmt = conn.createStatement();

********PROBLEM AREA ********
  PreparedStatement editStatement = conn.prepareStatement($MYSQL_edit);

  //  change these to the right data types
  editStatement.setInt(1,$next_num);
  editStatement.setString(2, $name);
  editStatement.setInt(3, $locations);
  editStatement.setString(4, $url);

  ResultSet rs2 = editStatement.executeUpdate();
********PROBLEM AREA ********

}catch(SQLException e){
  out.println("SQLException("+$zone+"-edit): " + e.getMessage() + "<BR>");
  while((e = e.getNextException()) != null)
    out.println(e.getMessage() + "<BR>");
}catch(ClassNotFoundException e) {
  out.println("ClassNotFoundException("+$zone+"-edit): " + e.getMessage() + "<BR>");
}finally {
  //Clean up resources, close the connection.
  if(conn != null) {
    try {
      conn.close();
    }catch (Exception ignored) {}
  }
}
%>


This is my error message:
Error 500: Unable to compile class for JSP An error occurred between lines: 21 and 23 in the jsp file: /ism/site/edit.jsp Generated servlet error: d:\WebSphere\AppServer\PATH GOES HERE\_index.java:910: setInt(int,int) in java.sql.PreparedStatement cannot be applied to (int,java.lang.String) editStatement.setInt(3, $locations); ^ An error occurred between lines: 27 and 30 in the jsp file: /ism/site/edit.jsp Generated servlet error: d:\WebSphere\AppServer\PATH GOES HERE\_index.java:927: incompatible types found : int required: java.sql.ResultSet ResultSet rs2 = editStatement.executeUpdate(); ^ 2 errors
0
Comment
Question by:mderbin
  • 5
  • 4
  • 2
11 Comments
 
LVL 92

Expert Comment

by:objects
ID: 12223805
> $MYSQL_edit = "UPDATE picture SET name='" + $name + "',locations='" + $locations + "',url='" + $url + "' WHERE id=" + $next_num;

should be:

$MYSQL_edit = "UPDATE picture SET name=?,locations=?,url=? WHERE id=?";
0
 
LVL 92

Expert Comment

by:objects
ID: 12223810
>  editStatement.setInt(1,$next_num);
>  editStatement.setString(2, $name);
>  editStatement.setInt(3, $locations);
>  editStatement.setString(4, $url);

and that should be:

  editStatement.setString(1, $name);
  editStatement.setInt(2, $locations);
  editStatement.setString(3, $url);
  editStatement.setInt(4,$next_num);
0
 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12223822
$MYSQL_edit = "UPDATE picture SET name='" + $name + "',locations='" + $locations + "',url='" + $url + "' WHERE id=" + $next_num;

should be

$MYSQL_edit = "UPDATE picture SET name=?,locations=?,url=? WHERE id=?";
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12223828
and make sure that $locations and $next_num have type int
0
 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12223831
:) objects, you are so fast.
0
 
LVL 92

Expert Comment

by:objects
ID: 12223850
:)
0
 

Author Comment

by:mderbin
ID: 12230166
OK, I implemented your changes, so now my code looks like this:

String $url = "";
String $locations = "0";  
int $locations_int = 0;
int $next_num = 0;
$next_num = Integer.parseInt(request.getParameter("edit"));

-----------// O'Reilly Enumeration Script is included below//-------------------------------
if($parm_name.equals("locations")){
  $locations = $parm_value;
  $locations_int = Integer.parseInt($locations);
}
if($parm_name.equals("url")){ $url = $parm_value; }
if($parm_name.equals("name")){ $name = $parm_value; }
-----------// O'Reilly Enumeration Script is included above //-----------------------------


$MYSQL_edit = "UPDATE picture SET name=?,locations=?,url=? WHERE id=?";

-----------// Code snipit from edit.jsp below //-----------------------------
PreparedStatement editStatement = conn.prepareStatement($MYSQL_edit);
//  change these to the right data types
editStatement.setString(1, $name);
editStatement.setInt(2, $locations_int);
editStatement.setString(3, $url);
editStatement.setInt(4, $next_num);
ResultSet rs2 = editStatement.executeUpdate();
-----------// Code snipit from edit.jsp above //-----------------------------

And this is my new error:
Error 500: Unable to compile class for JSP An error occurred between lines: 6 and 33 in the jsp file: /ism/site/edit.jsp Generated servlet error: d:\WebSphere\AppServer\temp\usrlwsdev\server1\globalis_war\globalis.war\ism\_index.java:879: incompatible types found : int required: java.sql.ResultSet ResultSet rs2 = editStatement.executeUpdate(); ^ 1 error

Am I still missing something?
Is there any way I can prove that those ints are really ints?
Thanks in advance, and thanks for what you already have done!
-MD
0
 
LVL 92

Accepted Solution

by:
objects earned 2000 total points
ID: 12231936
> ResultSet rs2 = editStatement.executeUpdate();

updates don't return a result set.
should be:

int rows = editStatement.executeUpdate();
0
 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12233584
You declare

int $locations_int = 0;
int $next_num = 0;

It's int type. I think everything is ok.
0
 

Author Comment

by:mderbin
ID: 12234085
Thanks - You Rock!
MD
0
 
LVL 92

Expert Comment

by:objects
ID: 12234120
(:
0

Featured Post

2018 Annual Membership Survey

Here at Experts Exchange, we strive to give members the best experience. Help us improve the site by taking this survey today! (Bonus: Be entered to win a great tech prize for participating!)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Can you run Linux on a Windows system?  Yep.  Here's how.
Data security in the cloud is very much like a security in an on-premises data center - only without costs for maintaining facilities and computer hardware.
The Relationships Diagram is a good way to get an overall view of what a database is keeping track of. It is also where relationships are defined. A relationship specifies how two tables connect to each other. As you build tables in Microsoft Ac…
The video provides a quick and easy steps to migrate MBOX file to well known Outlook PST and Office 365. Besides this, it also supports and migrates more than 20 email clients of MBOX which include AppleMail, Opera, Thunderbird and SeaMonkey effortl…
Suggested Courses

611 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question