Solved

JSP Problems with Apostrophes (URGENT)

Posted on 2004-10-04
11
414 Views
Last Modified: 2008-03-06
I am trying to insert text and numbers from a form, but the apostrophes mess it up (i.e., Michael's problem)
I ahve never implemented a PreparedStatement, so I am a little lost...

Can someone please help me out with my code and point out what I SHOULD be doing?

Here is my code:
<%
$MYSQL_edit = "UPDATE picture SET name='" + $name + "',locations='" + $locations + "',url='" + $url + "' WHERE id=" + $next_num;

Connection conn = null;
try{
  Class.forName("oracle.jdbc.driver.OracleDriver");
  conn = DriverManager.getConnection("jdbc:oracle:thin:@10.2.2.15:1521:WEBDEV","infusion","iggy");
  Statement stmt = conn.createStatement();

********PROBLEM AREA ********
  PreparedStatement editStatement = conn.prepareStatement($MYSQL_edit);

  //  change these to the right data types
  editStatement.setInt(1,$next_num);
  editStatement.setString(2, $name);
  editStatement.setInt(3, $locations);
  editStatement.setString(4, $url);

  ResultSet rs2 = editStatement.executeUpdate();
********PROBLEM AREA ********

}catch(SQLException e){
  out.println("SQLException("+$zone+"-edit): " + e.getMessage() + "<BR>");
  while((e = e.getNextException()) != null)
    out.println(e.getMessage() + "<BR>");
}catch(ClassNotFoundException e) {
  out.println("ClassNotFoundException("+$zone+"-edit): " + e.getMessage() + "<BR>");
}finally {
  //Clean up resources, close the connection.
  if(conn != null) {
    try {
      conn.close();
    }catch (Exception ignored) {}
  }
}
%>


This is my error message:
Error 500: Unable to compile class for JSP An error occurred between lines: 21 and 23 in the jsp file: /ism/site/edit.jsp Generated servlet error: d:\WebSphere\AppServer\PATH GOES HERE\_index.java:910: setInt(int,int) in java.sql.PreparedStatement cannot be applied to (int,java.lang.String) editStatement.setInt(3, $locations); ^ An error occurred between lines: 27 and 30 in the jsp file: /ism/site/edit.jsp Generated servlet error: d:\WebSphere\AppServer\PATH GOES HERE\_index.java:927: incompatible types found : int required: java.sql.ResultSet ResultSet rs2 = editStatement.executeUpdate(); ^ 2 errors
0
Comment
Question by:mderbin
  • 5
  • 4
  • 2
11 Comments
 
LVL 92

Expert Comment

by:objects
ID: 12223805
> $MYSQL_edit = "UPDATE picture SET name='" + $name + "',locations='" + $locations + "',url='" + $url + "' WHERE id=" + $next_num;

should be:

$MYSQL_edit = "UPDATE picture SET name=?,locations=?,url=? WHERE id=?";
0
 
LVL 92

Expert Comment

by:objects
ID: 12223810
>  editStatement.setInt(1,$next_num);
>  editStatement.setString(2, $name);
>  editStatement.setInt(3, $locations);
>  editStatement.setString(4, $url);

and that should be:

  editStatement.setString(1, $name);
  editStatement.setInt(2, $locations);
  editStatement.setString(3, $url);
  editStatement.setInt(4,$next_num);
0
 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12223822
$MYSQL_edit = "UPDATE picture SET name='" + $name + "',locations='" + $locations + "',url='" + $url + "' WHERE id=" + $next_num;

should be

$MYSQL_edit = "UPDATE picture SET name=?,locations=?,url=? WHERE id=?";
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12223828
and make sure that $locations and $next_num have type int
0
 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12223831
:) objects, you are so fast.
0
 
LVL 92

Expert Comment

by:objects
ID: 12223850
:)
0
 

Author Comment

by:mderbin
ID: 12230166
OK, I implemented your changes, so now my code looks like this:

String $url = "";
String $locations = "0";  
int $locations_int = 0;
int $next_num = 0;
$next_num = Integer.parseInt(request.getParameter("edit"));

-----------// O'Reilly Enumeration Script is included below//-------------------------------
if($parm_name.equals("locations")){
  $locations = $parm_value;
  $locations_int = Integer.parseInt($locations);
}
if($parm_name.equals("url")){ $url = $parm_value; }
if($parm_name.equals("name")){ $name = $parm_value; }
-----------// O'Reilly Enumeration Script is included above //-----------------------------


$MYSQL_edit = "UPDATE picture SET name=?,locations=?,url=? WHERE id=?";

-----------// Code snipit from edit.jsp below //-----------------------------
PreparedStatement editStatement = conn.prepareStatement($MYSQL_edit);
//  change these to the right data types
editStatement.setString(1, $name);
editStatement.setInt(2, $locations_int);
editStatement.setString(3, $url);
editStatement.setInt(4, $next_num);
ResultSet rs2 = editStatement.executeUpdate();
-----------// Code snipit from edit.jsp above //-----------------------------

And this is my new error:
Error 500: Unable to compile class for JSP An error occurred between lines: 6 and 33 in the jsp file: /ism/site/edit.jsp Generated servlet error: d:\WebSphere\AppServer\temp\usrlwsdev\server1\globalis_war\globalis.war\ism\_index.java:879: incompatible types found : int required: java.sql.ResultSet ResultSet rs2 = editStatement.executeUpdate(); ^ 1 error

Am I still missing something?
Is there any way I can prove that those ints are really ints?
Thanks in advance, and thanks for what you already have done!
-MD
0
 
LVL 92

Accepted Solution

by:
objects earned 500 total points
ID: 12231936
> ResultSet rs2 = editStatement.executeUpdate();

updates don't return a result set.
should be:

int rows = editStatement.executeUpdate();
0
 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12233584
You declare

int $locations_int = 0;
int $next_num = 0;

It's int type. I think everything is ok.
0
 

Author Comment

by:mderbin
ID: 12234085
Thanks - You Rock!
MD
0
 
LVL 92

Expert Comment

by:objects
ID: 12234120
(:
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Giving access to ESXi shell console is always an issue for IT departments to other Teams, or Projects. We need to find a way so that teams can use ESXTOP for their POCs, or tests without giving them the access to ESXi host shell console with a root …
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question