Home/ Questions/Q 6795905
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T18:24:10+00:00

try { Statement stmt = con.createStatement(); stmt.executeUpdate(INSERT into emailacc(fname,lname,uname,mail,passwd,passwd2,date,month,year) values(‘+fname+,+lname+,+uname+,+mail+,+passwd+,+passwd2+,+date+,+selectMonth+,+year+’)); out.println(<h3><font color=’green’>Information Added Successfully.</font><br>

  • 0
try {
    Statement stmt = con.createStatement();
    stmt.executeUpdate("INSERT into emailacc(fname,lname,uname,mail,passwd,passwd2,date,month,year) values('"+fname+","+lname+","+uname+","+mail+","+passwd+","+passwd2+","+date+","+selectMonth+","+year+"')");
    out.println("<h3><font color='green'>Information Added Successfully.</font><br> You Are a registered User now.</h3><br>");
    con.close();
} catch(Exception e) {
    out.println("Exception caught : "+e);   
}

Why is it happening?
Last time I did the same but it didn’t happen, whats wrong with it?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Is because you are omitting single quotes, for avoid this mistakes my recommendation is to use PreraredStatement, also in order to proper close connection it mus be in a finally block , you code must look at this:

        try {
        PreparedStatement stmt = con.prepareStatement("INSERT into emailacc(fname,lname,uname,mail,passwd,passwd2,date,month,year) values(?,?,?,?,?,?,?,?,?)");
        stmt.setString(1,fname);
        stmt.setString(2,lname);
        stmt.setString(3,uname);
        stmt.setString(4,mail);
        stmt.setString(5,passwd);
        stmt.setString(6,passwd2);
        stmt.setDate(7,date); //you need convert your date to java.sql.Date if 'date' field of database is of type date. If not setString is fine
        stmt.setInt(8,selectMonth);
        stmt.setInt(9,year);
        stmt.executeUpdate();
        out.println("<h3><font color='green'>Information Added Successfully.</font><br> You Are a registered User now.</h3><br>");
    } catch (Exception e) {
        con.rollback();
        out.println("Exception caught : " + e);
    } finally {
        if (con != null) {
            try {
                con.close();
            } catch(SQLException ex){
                //DO NOTHING
            }
        }
    }

    You can learn more of PreparedStatemt in:

    http://download.oracle.com/javase/tutorial/jdbc/basics/prepared.html

    A final note: PreparedStament are more efficent thant Statement and avoid the SQL Injection hack so PrepararedStatement is more secure. Try use always a PreparedStatement

    • 0