Change a line to prepared statement

statement.executeUpdate("INSERT INTO LOGIN VALUES(" + jTextField1.getText() + ",'" + jTextField2.getText() + "'," + jTextField3.getText() + ")");

I have this line and I am trying to turn it into a prepared statement, but I am not able to do it.
What I did is this:

   // A Java string literal cannot span lines, so the SQL is kept on one line
   PreparedStatement pstmt = con.prepareStatement(
           "UPDATE Login SET login_id = ? WHERE username = ?");
 

The SQL table is this:

CREATE TABLE login(
  login_id INTEGER PRIMARY KEY,
  username varchar(150) NOT NULL,
  password varchar(150) NOT NULL
);


>Solution :

The following code should be encapsulated in a try-catch statement.

Also, I hope you add a password hashing function to your code; everything else is very insecure.

  // Bind each value as a parameter instead of concatenating it into the SQL
  PreparedStatement pstmt = con.prepareStatement("INSERT INTO LOGIN VALUES (?,?,?)");
  pstmt.setInt    (1, Integer.parseInt(jTextField1.getText()));
  pstmt.setString (2, jTextField2.getText());
  pstmt.setString (3, jTextField3.getText());

  // execute the preparedstatement
  pstmt.execute();
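
The answer's two points (bound parameters inside a try block, and a hashed password) combined, as an added example that is not part of the original answer. PBKDF2 from the JDK, the work factor, the `iterations:salt:hash` storage format and all class and method names are assumptions; the column names come from the `CREATE TABLE` in the question.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LoginInsertExample {   // hypothetical class, not from the page
    static final int ITERATIONS = 600_000;   // assumed work factor; tune for your hardware

    // Returns "iterations:salt:hash" (Base64 parts), 76 characters, fits varchar(150).
    static String hashPassword(char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);   // fresh random salt per password
        return ITERATIONS + ":" + Base64.getEncoder().encodeToString(salt) + ":"
                + Base64.getEncoder().encodeToString(pbkdf2(password, salt, ITERATIONS));
    }

    static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    static boolean verify(char[] password, String stored) throws Exception {
        String[] p = stored.split(":");
        byte[] actual = pbkdf2(password, Base64.getDecoder().decode(p[1]), Integer.parseInt(p[0]));
        return MessageDigest.isEqual(Base64.getDecoder().decode(p[2]), actual);  // constant-time
    }

    // Explicit column list, so the statement does not depend on the table's column order.
    static int insertLogin(Connection con, String idText, String username, char[] password)
            throws Exception {
        int loginId = Integer.parseInt(idText.trim());   // rejects non-numeric input early
        String sql = "INSERT INTO login (login_id, username, password) VALUES (?, ?, ?)";
        try (PreparedStatement pstmt = con.prepareStatement(sql)) {   // closed automatically
            pstmt.setInt(1, loginId);
            pstmt.setString(2, username);
            pstmt.setString(3, hashPassword(password));   // never the plaintext
            return pstmt.executeUpdate();   // rows inserted; SQLException goes to the caller
        }
    }

    public static void main(String[] args) throws Exception {
        String stored = hashPassword("constructed-sample-pw".toCharArray());   // constructed input
        System.out.println(stored.length() + " chars, verifies: "
                + verify("constructed-sample-pw".toCharArray(), stored));
    }
}
```

`main` exercises only the hashing round trip so the class runs without a database; `insertLogin` needs a live `Connection` from the application's JDBC driver.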