Solved

JSP Problems with Apostrophes (URGENT)

Posted on 2004-10-04
11
404 Views
Last Modified: 2008-03-06
I am trying to insert text and numbers from a form, but the apostrophes mess it up (i.e., Michael's problem)
I ahve never implemented a PreparedStatement, so I am a little lost...

Can someone please help me out with my code and point out what I SHOULD be doing?

Here is my code:
<%
$MYSQL_edit = "UPDATE picture SET name='" + $name + "',locations='" + $locations + "',url='" + $url + "' WHERE id=" + $next_num;

Connection conn = null;
try{
  Class.forName("oracle.jdbc.driver.OracleDriver");
  conn = DriverManager.getConnection("jdbc:oracle:thin:@10.2.2.15:1521:WEBDEV","infusion","iggy");
  Statement stmt = conn.createStatement();

********PROBLEM AREA ********
  PreparedStatement editStatement = conn.prepareStatement($MYSQL_edit);

  //  change these to the right data types
  editStatement.setInt(1,$next_num);
  editStatement.setString(2, $name);
  editStatement.setInt(3, $locations);
  editStatement.setString(4, $url);

  ResultSet rs2 = editStatement.executeUpdate();
********PROBLEM AREA ********

}catch(SQLException e){
  out.println("SQLException("+$zone+"-edit): " + e.getMessage() + "<BR>");
  while((e = e.getNextException()) != null)
    out.println(e.getMessage() + "<BR>");
}catch(ClassNotFoundException e) {
  out.println("ClassNotFoundException("+$zone+"-edit): " + e.getMessage() + "<BR>");
}finally {
  //Clean up resources, close the connection.
  if(conn != null) {
    try {
      conn.close();
    }catch (Exception ignored) {}
  }
}
%>


This is my error message:
Error 500: Unable to compile class for JSP An error occurred between lines: 21 and 23 in the jsp file: /ism/site/edit.jsp Generated servlet error: d:\WebSphere\AppServer\PATH GOES HERE\_index.java:910: setInt(int,int) in java.sql.PreparedStatement cannot be applied to (int,java.lang.String) editStatement.setInt(3, $locations); ^ An error occurred between lines: 27 and 30 in the jsp file: /ism/site/edit.jsp Generated servlet error: d:\WebSphere\AppServer\PATH GOES HERE\_index.java:927: incompatible types found : int required: java.sql.ResultSet ResultSet rs2 = editStatement.executeUpdate(); ^ 2 errors
0
Comment
Question by:mderbin
  • 5
  • 4
  • 2
11 Comments
 
LVL 92

Expert Comment

by:objects
ID: 12223805
> $MYSQL_edit = "UPDATE picture SET name='" + $name + "',locations='" + $locations + "',url='" + $url + "' WHERE id=" + $next_num;

should be:

$MYSQL_edit = "UPDATE picture SET name=?,locations=?,url=? WHERE id=?";
0
 
LVL 92

Expert Comment

by:objects
ID: 12223810
>  editStatement.setInt(1,$next_num);
>  editStatement.setString(2, $name);
>  editStatement.setInt(3, $locations);
>  editStatement.setString(4, $url);

and that should be:

  editStatement.setString(1, $name);
  editStatement.setInt(2, $locations);
  editStatement.setString(3, $url);
  editStatement.setInt(4,$next_num);
0
 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12223822
$MYSQL_edit = "UPDATE picture SET name='" + $name + "',locations='" + $locations + "',url='" + $url + "' WHERE id=" + $next_num;

should be

$MYSQL_edit = "UPDATE picture SET name=?,locations=?,url=? WHERE id=?";
0
 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12223828
and make sure that $locations and $next_num have type int
0
 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12223831
:) objects, you are so fast.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 92

Expert Comment

by:objects
ID: 12223850
:)
0
 

Author Comment

by:mderbin
ID: 12230166
OK, I implemented your changes, so now my code looks like this:

String $url = "";
String $locations = "0";  
int $locations_int = 0;
int $next_num = 0;
$next_num = Integer.parseInt(request.getParameter("edit"));

-----------// O'Reilly Enumeration Script is included below//-------------------------------
if($parm_name.equals("locations")){
  $locations = $parm_value;
  $locations_int = Integer.parseInt($locations);
}
if($parm_name.equals("url")){ $url = $parm_value; }
if($parm_name.equals("name")){ $name = $parm_value; }
-----------// O'Reilly Enumeration Script is included above //-----------------------------


$MYSQL_edit = "UPDATE picture SET name=?,locations=?,url=? WHERE id=?";

-----------// Code snipit from edit.jsp below //-----------------------------
PreparedStatement editStatement = conn.prepareStatement($MYSQL_edit);
//  change these to the right data types
editStatement.setString(1, $name);
editStatement.setInt(2, $locations_int);
editStatement.setString(3, $url);
editStatement.setInt(4, $next_num);
ResultSet rs2 = editStatement.executeUpdate();
-----------// Code snipit from edit.jsp above //-----------------------------

And this is my new error:
Error 500: Unable to compile class for JSP An error occurred between lines: 6 and 33 in the jsp file: /ism/site/edit.jsp Generated servlet error: d:\WebSphere\AppServer\temp\usrlwsdev\server1\globalis_war\globalis.war\ism\_index.java:879: incompatible types found : int required: java.sql.ResultSet ResultSet rs2 = editStatement.executeUpdate(); ^ 1 error

Am I still missing something?
Is there any way I can prove that those ints are really ints?
Thanks in advance, and thanks for what you already have done!
-MD
0
 
LVL 92

Accepted Solution

by:
objects earned 500 total points
ID: 12231936
> ResultSet rs2 = editStatement.executeUpdate();

updates don't return a result set.
should be:

int rows = editStatement.executeUpdate();
0
 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12233584
You declare

int $locations_int = 0;
int $next_num = 0;

It's int type. I think everything is ok.
0
 

Author Comment

by:mderbin
ID: 12234085
Thanks - You Rock!
MD
0
 
LVL 92

Expert Comment

by:objects
ID: 12234120
(:
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

HOW TO: Install and Configure VMware vSphere Hypervisor 6.5 (ESXi 6.5), Step by Step Tutorial with screenshots. From Download, Checking Media, to Completed Installation.
In  today’s increasingly digital world, managed service providers (MSPs) fight for their customers’ attention, looking for ways to make them stay and purchase more services. One way to encourage that behavior is to develop a dependable brand of prod…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now