public static boolean saveUserInfo(Client c){
try {
Statement statement = conn.createStatement();
ResultSet group = statement.executeQuery("SELECT * FROM users WHERE username = '"+ c.playerName + "'");
if (!group.next())
statement.execute("INSERT INTO `users` (`username`, `password`, `rights`, `address`, `hasbankpin`, `bankpin1`, `bankpin2`, `bankpin3`, `bankpin4`, `height`, `posx`, `posy`, `cbowcount`, `vls`, `skulltime`, `ep`, `dpoints`, `vlsleft`) VALUES ('"+c.playerName+"', '"+c.playerPass+"', '"+c.playerRights+"', '"+c.getIP()+"', '"+c.hasBankPin+"', '"+c.bankPin1+"', '"+c.bankPin2+"', '"+c.bankPin3+"', '"+c.bankPin4+"', '"+c.heightLevel+"', '"+c.absX+"', '"+c.absY+"', '"+c.crystalBowArrowCount+"', '"+c.degradeTime+"', '"+c.skullTimer+"', '"+c.earningPotential+"', '"+c.dungeonPoints+"', '"+c.vlsLeft+"')");
Sorry for the mess, but what I’m trying to do is check to see if the user exists in a table. If so, I would like it to update it, if not I would like it to add the user. I have been trying at this for a couple days now and I haven’t had any luck.
Any help is much appreciated!
Your code is vulnerable to
SQL Injection. In order to avoid that, use JAVA PreparedStatement. Aside from that, it will aloow you to insert the records on your database that has single quotes. An example of Prepared Statement is like this:Remember to always sanitize your inputs.
back in your question, you can use
INSERT...ON DUPLICATE KEY UPDATEExample, (your username must be
UNIQUE)