Re: [SQL] INSERT query (using insert from a Java application, concerning String input)

(Continue this thread on the INTERFACES list, where it belongs)

At 2:46 +0200 on 18/2/99, Peter Garner wrote:

> Hi Atika! :-)
>
> > I am basically trying to do something like this:
> >
> > String input = "This is a String";
> >
> > myConn.updateQuery("insert into myDB values(input)");
> >
> > but get an error when I run it saying:
> > ERROR: attribute input not found
> > java.sql.SQLException: ERROR: attribute input not found
>
> Try
>
> String input = "This is a String"
> String query = insert into myDB value ('" + input + "')"
>
> myConn.updateQuery(query);

Ahem. No, this may work, but that's not the way to go about it. In any
case, where did that "updateQuery" come from?

Atika, I have a feeling you are not well-acquainted with JDBC. Reccomended
reading:

http://www.javasoft.com/products/jdk/1.2/docs/guide/jdbc/getstart/introTOC.doc.h
tml

(All on the same line. Not my fault the URLs are that long at Javasoft).

The basic idea is to use a PreparedStatement. These statements include
placeholders, which you fill before you execute them. This enables you to
(a) reuse the same statements with different values, (b) use things other
than strings and (c) have the strings properly quoted and escaped for you.

Thus:

PreparedStatement stmt =
myConn.prepareStatement( "INSERT INTO myDB VALUES ( ? ) " );

String input = "This is a string";

stmt.setString( 1, input );

stmt.executeUpdate();

Note that Peter's solution would not have worked if your input was:

String input = "It's a beautiful day today."

Herouth

--
Herouth Maoz, Internet developer.
Open University of Israel - Telem project
http://telem.openu.ac.il/~herutma