I am new to JSP. I am trying to print my database value in my JSP page.
The program below works fine when I directly print the s1="january" and s2="2012" values; both datatypes are VARCHAR.
String QueryString = "SELECT reading,totalcost,paiddate,receiptnumber FROM userseven WHERE readingmonth = '"+s1+"' AND readingyear= '"+s2+"'";
If I try to print my request.getParameter("t1") value (t1 contains january) and request.getParameter("t2") (t2 contains 2011),
it won't print anything.
String QueryString = "SELECT reading,totalcost,paiddate,receiptnumber FROM userseven WHERE readingmonth = '"+s11+"' AND readingyear= '"+s22+"'";
<body>
<form action="yeardb.jsp">
<table border="1" >
<tr>
<td>Select Year</td>
<td>
<select name="t1">
<option value="2013">2013</option>
<option value="2012">2012</option>
<option value="2011">2011</option>
<option value="2010">2010</option>
</select>
</td></tr>
<tr><td>Select Month:</td>
<td>
<select name="t2">
<option value="january">JANUARY</option>
<option value="march">March</option>
<option value="may">May</option>
<option value="july">JULY</option>
<option value="aug">AUGUST</option>
<option value="oct">OCTOBER</option>
<option value="dec">DECEMBER</option>
</select></td></tr><tr><td>
<input type= "submit" value="submit" >
</td></tr>
</table>
</form>
</body>
yeardb.jsp
********
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<%@page import="com.mysql.jdbc.Driver"%>
<%@ page import="java.sql.*" %>
<%@ page import="java.io.*" %>
<html>
<head>
<title>display data from the table using jsp</title>
</head>
<body>
<h1>welcome</h1>
<%
String s11=request.getParameter("t1");
String s22=request.getParameter("t2");
String s1="january";
String s2="2011";
out.print("i am String"+s11);
out.print("i am String"+s22);
out.print("outside try");
try {
out.print("inside try");
String connectionURL = "jdbc:mysql://localhost:3306/horizontal";
Connection connection = null;
Statement statement = null;
ResultSet rs = null;
Class.forName("com.mysql.jdbc.Driver").newInstance();
connection = DriverManager.getConnection(connectionURL, "root", "root");
statement = connection.createStatement();
out.print("before query");
String QueryString = "SELECT reading,totalcost,paiddate,receiptnumber FROM userseven WHERE readingmonth = '"+s1+"' AND readingyear= '"+s2+"'";
out.print("after query");
rs = statement.executeQuery(QueryString);
%>
<TABLE cellpadding="15" border="1" style="background-color: #ffffcc;">
<%
out.print("outside while");
while (rs.next()) {
out.print("inside while");
%>
<TR>
<TD><%=rs.getString(1)%></TD>
<TD><%=rs.getString(2)%></TD>
<TD><%=rs.getString(3)%></TD>
<TD><%=rs.getString(4)%></TD>
</TR>
<% } %>
<%
// close all the connections.
rs.close();
statement.close();
connection.close();
} catch (Exception ex) {
// Any failure in the try block (not only a failed connection) lands here.
out.println("<font size=\"+3\" color=\"red\">Unable to connect to database.</font>");
}
%>
</TABLE><TABLE>
<TR>
<TD><button type="submit">&lt;-- back</button></TD>
</TR>
</TABLE>
</body>
</html>
I looked a little deeper at your code, you are setting:
t2 contains the month, but your s2 variable contains the year. Swap those around and you should be fine.
With that said, you should really consider using parameterized queries (this is vulnerable to SQL Injection) — look at using PreparedStatement instead:
Good luck.
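The two points from this answer combined, as an added example that is not part of the original post: t1 is read as the year and t2 as the month, and the query is bound through a PreparedStatement instead of string concatenation. The class name ReadingQuery, its methods and the allow-list check are assumptions for illustration; the table, columns and connection settings are the ones in the question, and MySQL Connector/J is assumed to be on the classpath.

```java
import java.sql.*;
import java.util.*;

public class ReadingQuery {
    // Month values the <select name="t2"> on this page can submit.
    private static final Set<String> MONTHS =
        Set.of("january", "march", "may", "july", "aug", "oct", "dec");

    // Placeholders keep user input out of the SQL text entirely.
    static final String SQL =
        "SELECT reading, totalcost, paiddate, receiptnumber FROM userseven "
      + "WHERE readingmonth = ? AND readingyear = ?";

    // Rejects anything the form could not have sent (hypothetical helper).
    static void validate(String year, String month) {
        if (year == null || !year.matches("\\d{4}"))
            throw new IllegalArgumentException("invalid year");
        if (month == null || !MONTHS.contains(month))
            throw new IllegalArgumentException("invalid month");
    }

    // year comes from request.getParameter("t1"), month from "t2".
    static List<String[]> find(Connection c, String year, String month)
            throws SQLException {
        validate(year, month);
        List<String[]> rows = new ArrayList<>();
        try (PreparedStatement ps = c.prepareStatement(SQL)) {
            ps.setString(1, month);   // readingmonth
            ps.setString(2, year);    // readingyear
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next())
                    rows.add(new String[] { rs.getString(1), rs.getString(2),
                                            rs.getString(3), rs.getString(4) });
            }
        } // statement and result set are closed even if the query throws
        return rows;
    }

    public static void main(String[] args) throws Exception {
        String url = "jdbc:mysql://localhost:3306/horizontal";
        try (Connection c = DriverManager.getConnection(url, "root", "root")) {
            for (String[] r : find(c, "2011", "january"))
                System.out.println(String.join(" | ", r));
            // Constructed malformed input: rejected before it reaches the database.
            try { find(c, "2011", "january' OR '1'='1"); }
            catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```

In yeardb.jsp the call would be `find(connection, request.getParameter("t1"), request.getParameter("t2"))`; even without the allow-list, the bound parameters alone mean a quote in the input is compared as data rather than parsed as SQL.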