Home > Net >  Change a line to prepared statement
Change a line to prepared statement

Time:11-21

statement.executeUpdate("INSERT INTO LOGIN VALUES("   jTextField1.getText()   ",'"   jTextField2.getText()   "',"   jTextField3.getText()   ")");

I have this line and I am trying to do this line prepared statement but I am not able to do it. What I did is this :

   PreparedStatement pstmt = con.prepareStatement("UPDATE Login
                                     SET login_id = ? WHERE username = ?");
 

the sql table is this

CREATE TABLE login(
  login_id INTEGER PRIMARY KEY,
  username varchar(150) NOT NULL,
  password varchar(150) NOT NULL
);

CodePudding user response:

This folwoing code should be encapsuled in a ty catch statment

Also i hope you add a password hashing function to your code, every thing else is very insecure.

  PreparedStatement pstmt = con.prepareStatement("INSERT INTO LOGIN VALUES (?,?,?)");
  pstmt.setInt    (1, Integer.parseInt(jTextField1.getText()));
  pstmt.setString (2, jTextField2.getText());
  pstmt.setString (3, jTextField2.getText()));


  // execute the preparedstatement
  pstmt.execute();
  • Related