Skip site navigation (1) Skip section navigation (2)

Re: [SQL] INSERT query (using insert from a Java application, concerning String input)

From: Herouth Maoz <herouth(at)oumail(dot)openu(dot)ac(dot)il>
To: pgsql-interfaces(at)postgresql(dot)org
Cc: Atika <agoswa(at)essex(dot)ac(dot)uk>, Peter Garner <peter_garner(at)yahoo(dot)com>
Subject: Re: [SQL] INSERT query (using insert from a Java application, concerning String input)
Date: 1999-02-21 15:45:24
Message-ID: l03110703b2f5d4dac79e@[147.233.159.109] (view raw, whole thread or download thread mbox)
Thread:
Lists: pgsql-interfacespgsql-sql
(Continue this thread on the INTERFACES list, where it belongs)

At 2:46 +0200 on 18/2/99, Peter Garner wrote:


> Hi Atika!  :-)
>
> > I am basically trying to do something like this:
> >
> > String input = "This is a String";
> >
> > myConn.updateQuery("insert into myDB values(input)");
> >
> > but get an error when I  run it saying:
> > ERROR:  attribute input not found
> > java.sql.SQLException: ERROR:  attribute input not found
>
> Try
>
> String input = "This is a String"
> String query = insert into myDB value ('" + input + "')"
>
> myConn.updateQuery(query);

Ahem. No, this may work, but that's not the way to go about it. In any
case, where did that "updateQuery" come from?

Atika, I have a feeling you are not well-acquainted with JDBC. Reccomended
reading:

http://www.javasoft.com/products/jdk/1.2/docs/guide/jdbc/getstart/introTOC.doc.h
tml

(All on the same line. Not my fault the URLs are that long at Javasoft).

The basic idea is to use a PreparedStatement. These statements include
placeholders, which you fill before you execute them. This enables you to
(a) reuse the same statements with different values, (b) use things other
than strings and (c) have the strings properly quoted and escaped for you.

Thus:

    PreparedStatement stmt =
        myConn.prepareStatement( "INSERT INTO myDB VALUES ( ? ) " );

    String input = "This is a string";

    stmt.setString( 1, input );

    stmt.executeUpdate();

Note that Peter's solution would not have worked if your input was:

    String input = "It's a beautiful day today."

Herouth

--
Herouth Maoz, Internet developer.
Open University of Israel - Telem project
http://telem.openu.ac.il/~herutma



In response to

pgsql-interfaces by date

Next:From: Justin R. SmithDate: 1999-02-21 16:03:15
Subject: Quotes in input
Previous:From: Michael MeskesDate: 1999-02-21 11:54:37
Subject: Re: [INTERFACES] ecpg idea

pgsql-sql by date

Next:From: Werner ReisbergerDate: 1999-02-21 17:38:10
Subject: triggers (refint)
Previous:From: Thomas G. LockhartDate: 1999-02-20 16:17:19
Subject: Re: [HACKERS] Re: [SQL] SQL-Query 2 get primary key

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group