0
    String sql = "INSERT INTO UserRecord( name, email, contactNo, password, gender, nationality, " +
            "dateOfBirth, address, postalCode, secretQuestion, secretAnswer, userType, obsoleteStatus)";

    sql += "VALUES('" + name + "','" + email + "','" + cNo + "','" + pwd + "','" + gen + "','" + nationality + "','"
            + dob + "','" + address + "','" + pCode + "','" + secQuestion + "','" + secAnswer + "','" + userType + "','" + obsoleteStatus + "')";

    String sql2 = "INSERT INTO PaymentAccount(creditCardNo,creditCardType,expiryDate,CVV)";

    sql2 += "VALUES('" + cCardNo + "','" + cCardType + "','" + expiryDate + "','" + cvv + "')";

Hi guys, I have done some research on the internet on using Start Transaction and tried to implement it, but it seems that I always get an error. The SQL that I provide is perfect, but I need someone who can show me how to use Start Transaction because I keep messing up with the "". Thanks guys in advance.

Swaggrammer

1 Answer

0

First you should learn about prepared statements. Your code is pure SQL injection junk. Throw it away. Handling credit card numbers with such code is the best way to get fired.

Second you have to disable auto commit for your database connection. This is enabled and prevents transactions, because after each statement a commit is done by the driver. After that you can execute explicit commits.

ceving
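
The two steps from the answer above combined, as an added example that is not part of the original answer: both inserts use `PreparedStatement` placeholders and run in one transaction with auto-commit disabled. The class name `RegisterUser`, the `register` and `bind` methods, and passing the values as string arrays are assumptions; the table and column names are taken from the question.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

// Added example; class and method names are hypothetical.
public class RegisterUser {
    // Placeholders keep user input out of the SQL text, so quotes in a value cannot alter the statement.
    private static final String INSERT_USER =
        "INSERT INTO UserRecord (name, email, contactNo, password, gender, nationality, "
      + "dateOfBirth, address, postalCode, secretQuestion, secretAnswer, userType, obsoleteStatus) "
      + "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
    private static final String INSERT_PAYMENT =
        "INSERT INTO PaymentAccount (creditCardNo, creditCardType, expiryDate, CVV) "
      + "VALUES (?, ?, ?, ?)";

    /** Inserts both rows atomically: either both are committed or neither is. */
    public static void register(Connection conn, String[] userFields, String[] paymentFields)
            throws SQLException {
        if (userFields.length != 13 || paymentFields.length != 4) {
            throw new IllegalArgumentException("expected 13 user fields and 4 payment fields");
        }
        boolean previousAutoCommit = conn.getAutoCommit();
        conn.setAutoCommit(false); // the driver no longer commits after each statement
        try (PreparedStatement user = conn.prepareStatement(INSERT_USER);
             PreparedStatement payment = conn.prepareStatement(INSERT_PAYMENT)) {
            bind(user, userFields);
            user.executeUpdate();
            bind(payment, paymentFields);
            payment.executeUpdate();
            conn.commit(); // explicit commit: both rows become visible together
        } catch (SQLException | RuntimeException e) {
            // Roll back before auto-commit is restored; re-enabling it would commit partial work.
            conn.rollback();
            throw e;
        } finally {
            conn.setAutoCommit(previousAutoCommit);
        }
    }

    // Binds each value as a string parameter; JDBC parameter indexes start at 1.
    private static void bind(PreparedStatement ps, String[] values) throws SQLException {
        for (int i = 0; i < values.length; i++) {
            ps.setString(i + 1, values[i]);
        }
    }
}
```

With auto-commit off, the JDBC driver opens the transaction implicitly at the first statement, so no `START TRANSACTION` string has to be built or quoted by hand.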