0

I have a simple program where I want to take a user supplied first name and last name, then enter those into a MySql database. The two variables, call them first and last, will be simple command line prompts, so scanner first then scanner last. Then take first and last and add them to my MySql statement. Here is the code I have, but for some reason I cannot get the syntax correct. In this example I'm using statments, although I can and would use prepared statements. In the real world I would use prepared statements, but even a statement would work for this project.

Here is my code with one scanner line. Right now the code does work with the two constant values Cathy and Jones. I want those to be variables.

class AddStudent 
{ 

    public static void main (String[] args) 
    { 
        try
        { 

            Connection conn = DriverManager.getConnection(url,user,pass); 
            Statement st = conn.createStatement(); 
            Scanner first = new Scanner(System.in);
            System.out.println(first.nextLine());


            String SQL = "INSERT INTO test VALUES ('Cathy', 'Jones')";
            st.executeUpdate(SQL);



              conn.close(); 

        } catch (Exception e) { 
            System.err.println("Got an exception! "); 
            System.err.println(e.getMessage()); 
        } 

    }

    private static String url = "jdbc:mysql://localhost:3306/registrar";
Improve this question
0

3 Answers 3

Reset to default
2

Here you go, but its not recommended to go with Statement

Scanner first = new Scanner(System.in);
String f = first.nextLine();

Scanner last = new Scanner(System.in);
String l = last.nextLine();    

String SQL = "INSERT INTO test VALUES ('" + f + "','" + l + "')";
st.executeUpdate(SQL);

Its recommended like this :

PreparedStatement ps = conn.prepareStatement("INSERT INTO test VALUES (?, ?)");
ps.setString(1, f);
ps.setString(2, l);
ps.executeUpdate();

java reference

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you!.. Great help from everyone, yes, I figured, I would have to get my head around the syntax for the prepared statements. And working in the security field, but I really don't write much code. I know how easy it is for Sql Injection. This is mostly a test project, for a simple school class, that offers, well not that much in the way of help.
1

So many potential errors.

  1. missing a closing } to close the class.
  2. are you sure your database is running?
  3. Did you create the table test?

4. Your scanner is amok. 

 Scanner scanner = new Scanner(System.in);
 String first = scanner.nextLine();
 String last = scanner.nextLine();

5.

String SQL = "INSERT INTO test VALUES ('Cathy', 'Jones')";
st.executeUpdate(SQL);

should be

String SQL = String.format("INSERT INTO test VALUES ('%s', '%s')", first, last);
st.executeUpdate(SQL);
Improve this answer

1 Comment

Sorry, yes as far as the code, it works, the sql table gets the updates. I cut a bit of the code off. The main question is how to change those constant values to variables. And from all the answers so far, and thanks everyone, the first step I guess will be to change prepared statements
0

The best way to do it is the following way. This is code below achieves what you want and prevents SQL injections and other problems caused by malicious or unexpected input by a user.

String firstName = "Cathy";
String lastName = "Jones";
String query= "INSERT INTO test VALUES (?,?)";
PreparedStatement stmt = mysqlConnection.prepareStatement(query);
stmt.setString(1,firstName);
stmt.setString(2,lastName);
stmt.executeUpdate(SQL);
Improve this answer

2 Comments

Thank you. Yes that is the direction it seems I need to use. So the first part you have where string firstName is set to Cathy, I can then change Cathy to a variable I get from some chosen input?
Yes, you can change the value to firstName or lastName to whatever you want and rerun the code. In the example above, i have firstName equal Cathy, and lastName equal to Jones.... not sure I understand your comment

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.