JSP Problems with Apostrophes (URGENT)

Posted on 2004-10-04
Last Modified: 2008-03-06
I am trying to insert text and numbers from a form, but the apostrophes mess it up (i.e., Michael's problem)
I have never implemented a PreparedStatement, so I am a little lost...

Can someone please help me out with my code and point out what I SHOULD be doing?

Here is my code:
<%
$MYSQL_edit = "UPDATE picture SET name='" + $name + "',locations='" + $locations + "',url='" + $url + "' WHERE id=" + $next_num;

Connection conn = null;
try{
  Class.forName("oracle.jdbc.driver.OracleDriver");
  conn = DriverManager.getConnection("jdbc:oracle:thin:@10.2.2.15:1521:WEBDEV","infusion","iggy");
  Statement stmt = conn.createStatement();

********PROBLEM AREA ********
  PreparedStatement editStatement = conn.prepareStatement($MYSQL_edit);

  //  change these to the right data types
  editStatement.setInt(1,$next_num);
  editStatement.setString(2, $name);
  editStatement.setInt(3, $locations);
  editStatement.setString(4, $url);

  ResultSet rs2 = editStatement.executeUpdate();
********PROBLEM AREA ********

}catch(SQLException e){
  out.println("SQLException("+$zone+"-edit): " + e.getMessage() + "<BR>");
  while((e = e.getNextException()) != null)
    out.println(e.getMessage() + "<BR>");
}catch(ClassNotFoundException e) {
  out.println("ClassNotFoundException("+$zone+"-edit): " + e.getMessage() + "<BR>");
}finally {
  //Clean up resources, close the connection.
  if(conn != null) {
    try {
      conn.close();
    }catch (Exception ignored) {}
  }
}
%>


This is my error message:
Error 500: Unable to compile class for JSP An error occurred between lines: 21 and 23 in the jsp file: /ism/site/edit.jsp Generated servlet error: d:\WebSphere\AppServer\PATH GOES HERE\_index.java:910: setInt(int,int) in java.sql.PreparedStatement cannot be applied to (int,java.lang.String) editStatement.setInt(3, $locations); ^ An error occurred between lines: 27 and 30 in the jsp file: /ism/site/edit.jsp Generated servlet error: d:\WebSphere\AppServer\PATH GOES HERE\_index.java:927: incompatible types found : int required: java.sql.ResultSet ResultSet rs2 = editStatement.executeUpdate(); ^ 2 errors
Question by:mderbin
11 Comments
 
LVL 92

Expert Comment

by:objects
ID: 12223805
> $MYSQL_edit = "UPDATE picture SET name='" + $name + "',locations='" + $locations + "',url='" + $url + "' WHERE id=" + $next_num;

should be:

$MYSQL_edit = "UPDATE picture SET name=?,locations=?,url=? WHERE id=?";
0
 
LVL 92

Expert Comment

by:objects
ID: 12223810
>  editStatement.setInt(1,$next_num);
>  editStatement.setString(2, $name);
>  editStatement.setInt(3, $locations);
>  editStatement.setString(4, $url);

and that should be:

  editStatement.setString(1, $name);
  editStatement.setInt(2, $locations);
  editStatement.setString(3, $url);
  editStatement.setInt(4,$next_num);
0
 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12223822
$MYSQL_edit = "UPDATE picture SET name='" + $name + "',locations='" + $locations + "',url='" + $url + "' WHERE id=" + $next_num;

should be

$MYSQL_edit = "UPDATE picture SET name=?,locations=?,url=? WHERE id=?";
0
 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12223828
and make sure that $locations and $next_num have type int
0
 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12223831
:) objects, you are so fast.
0
 
LVL 92

Expert Comment

by:objects
ID: 12223850
:)
0
 

Author Comment

by:mderbin
ID: 12230166
OK, I implemented your changes, so now my code looks like this:

String $url = "";
String $locations = "0";  
int $locations_int = 0;
int $next_num = 0;
$next_num = Integer.parseInt(request.getParameter("edit"));

-----------// O'Reilly Enumeration Script is included below//-------------------------------
if($parm_name.equals("locations")){
  $locations = $parm_value;
  $locations_int = Integer.parseInt($locations);
}
if($parm_name.equals("url")){ $url = $parm_value; }
if($parm_name.equals("name")){ $name = $parm_value; }
-----------// O'Reilly Enumeration Script is included above //-----------------------------


$MYSQL_edit = "UPDATE picture SET name=?,locations=?,url=? WHERE id=?";

-----------// Code snippet from edit.jsp below //-----------------------------
PreparedStatement editStatement = conn.prepareStatement($MYSQL_edit);
//  change these to the right data types
editStatement.setString(1, $name);
editStatement.setInt(2, $locations_int);
editStatement.setString(3, $url);
editStatement.setInt(4, $next_num);
ResultSet rs2 = editStatement.executeUpdate();
-----------// Code snippet from edit.jsp above //-----------------------------

And this is my new error:
Error 500: Unable to compile class for JSP An error occurred between lines: 6 and 33 in the jsp file: /ism/site/edit.jsp Generated servlet error: d:\WebSphere\AppServer\temp\usrlwsdev\server1\globalis_war\globalis.war\ism\_index.java:879: incompatible types found : int required: java.sql.ResultSet ResultSet rs2 = editStatement.executeUpdate(); ^ 1 error

Am I still missing something?
Is there any way I can prove that those ints are really ints?
Thanks in advance, and thanks for what you already have done!
-MD
0
 
LVL 92

Accepted Solution

by:
objects earned 2000 total points
ID: 12231936
> ResultSet rs2 = editStatement.executeUpdate();

updates don't return a result set.
should be:

int rows = editStatement.executeUpdate();
0
 
LVL 11

Expert Comment

by:sompol_kiatkamolchai
ID: 12233584
You declare

int $locations_int = 0;
int $next_num = 0;

It's int type. I think everything is ok.
0
 

Author Comment

by:mderbin
ID: 12234085
Thanks - You Rock!
MD
0
 
LVL 92

Expert Comment

by:objects
ID: 12234120
(:
0
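
The fixes from this thread combined into one runnable class, as an added example that is not part of the original posts: the SQL text holds only placeholders, so a value such as "Michael's problem" is bound as data and its apostrophe can neither break the statement nor change it. The class name, the helpers parseIntParam and updatePicture, the sample values and the Proxy stand-in for the JDBC connection are assumptions made here so the code runs without a database.

```java
import java.lang.reflect.Proxy;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class PictureUpdate {
    // Same statement as in the thread: placeholders only, no request data in the SQL text.
    static final String SQL = "UPDATE picture SET name=?,locations=?,url=? WHERE id=?";

    // Hypothetical helper: parse a numeric form field, rejecting anything that is not an integer.
    static int parseIntParam(String field, String raw) {
        try {
            return Integer.parseInt(raw == null ? "" : raw.trim());
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("parameter '" + field + "' must be an integer");
        }
    }

    // Bind values in placeholder order; executeUpdate() returns the affected row count.
    static int updatePicture(Connection conn, String name, int locations, String url, int id)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(SQL)) {
            ps.setString(1, name);
            ps.setInt(2, locations);
            ps.setString(3, url);
            ps.setInt(4, id);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed stand-in for a JDBC connection (no database needed): it records
        // the bound values so they can be shown separately from the SQL text.
        List<Object> bound = new ArrayList<>();
        PreparedStatement ps = (PreparedStatement) Proxy.newProxyInstance(
            PictureUpdate.class.getClassLoader(), new Class<?>[] { PreparedStatement.class },
            (p, m, a) -> {
                if (m.getName().startsWith("set")) { bound.add(a[1]); return null; }
                return m.getName().equals("executeUpdate") ? (Object) 1 : null;
            });
        Connection conn = (Connection) Proxy.newProxyInstance(
            PictureUpdate.class.getClassLoader(), new Class<?>[] { Connection.class },
            (p, m, a) -> m.getName().equals("prepareStatement") ? ps : null);
        int rows = updatePicture(conn, "Michael's problem", parseIntParam("locations", "3"),
                                 "http://example.com/a.jpg", parseIntParam("edit", "7"));
        System.out.println(SQL + " <- " + bound + " rows=" + rows);
    }
}
```

In the JSP itself, updatePicture would be called with the real connection from DriverManager.getConnection in place of the stand-in.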
