Home/ Questions/Q 7995701
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T14:29:58+00:00

I’m using the following codes to add a user to a table called USERS

  • 0

I’m using the following codes to add a user to a table called USERS in my database, the connection is correct because I have tried other queries and they worked, I tried this query in Oracle itself and it worked, I’m just having problems with queries in java, mostly because of SPACE and the syntax, what is wrong with this one?

try
{
    stmt=conn.createStatement();
    //query="INSERT INTO Users (user_id,username,password,first_name,last_name) " + " VALUES (seq_users.nextval,'"+usernameCreateField.getText()+"','"+new String(passwordCreateField.getPassword())+"','"+firstnameCreateField.getText()+"','"+lastnameCreateField.getText()+"') ";
    query="INSERT INTO Users (user_id,username,password,first_name,last_name) " +" VALUES (seq_users.nextval,'test','test','test','test') ";
    rset=stmt.executeQuery(query);
}
catch(SQLException | NumberFormatException e)
{
    System.out.println("result error, " +e.getMessage());
}
finally
{
    try
    {
        rset.close();
        stmt.close();
    }
    catch(Exception e)
    {
        System.out.println("Error in closing "+e.getMessage());
    }
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    So problem is that you calling executeQuery(query) on your statement and this is reason why it doesn’t work. executeQuery() method you cannot use for DML (Data Manipulation Language) statements like are INSERT, UPDATE and DELETE. For these statements Java offers method named executeUpdate() which exists for these DML statements.

    From the docs:

    executeUpdate method executes the SQL statement in this
    PreparedStatement object, which must be an SQL Data Manipulation
    Language (DML) statement, such as INSERT, UPDATE or DELETE; or an SQL
    statement that returns nothing, such as a DDL statement.

    So only replace actual method with this and it would will work.

    And sorry for my curiosity but why you aren’t using parametrized SQL statements? You would know that not using parametrized statements there is hight danger of SQL Injection and many hackers using this for damage databases. You should think about it. It is very important if you want to your database will be more safer. You wouldn’t believe what prove SQL Injection with database.

    Only for example for you, should create query like this:

    query = "INSERT INTO Users (user_id,username,password,first_name,last_name) values(?,?,?,?,?) ";

    This ? char is representing one parameter. Numbering starts with 1,2,3, etc.. not from zero.

    And then you must replace there params with real data before you execute statement like this:

    PreparedStatement ps = conn.prepareStatement(query);
// no set parameters
ps.setInt(1, someDTO.getId());
ps.setString(2, someDTO.getUserName());
ps.setString(3, someDTO.getPassword());
ps.setString(4, someDTO.getFirstName());
ps.setString(5, someDTO.getLastName());
ps.executeUpdate();
System.out.println("Data was inserted successfully.");
return true;

    So more about SQL Injection: here and here

    EDIT:

    I forgot to tell you when i just watching your code, when you opens connection and then of course you will close it, you not must call close() method for statements or ResultSet, all will be closed after when you close connection.

    Hope that helps you.

    Regards

    • 0