0

Getting an error for the following jsp code:

 <%@ page import ="java.sql.*" %>
<%@ page import ="javax.sql.*" %>
<%
String user=request.getParameter("userid"); 
session.putValue("userid",user); 
String pwd=request.getParameter("pwd"); 
String fname=request.getParameter("fname"); 
String lname=request.getParameter("lname"); 
String email=request.getParameter("email"); 
Class.forName("com.mysql.jdbc.Driver"); 
java.sql.Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/test",
"root","123"); 
Statement st= con.createStatement(); 
ResultSet rs; 
int i=st.executeUpdate("insert into users values ('"+user+"','"+pwd+"','"+fname+"',
'"+lname+"','"+email+"')"); 


%>

The error I am getting is as follows:

org.apache.jasper.JasperException: Unable to compile class for JSP: 

An error occurred at line: 15 in the jsp file: /db/reg.jsp
String literal is not properly closed by a double-quote
12: "root","123"); 
13: Statement st= con.createStatement(); 
14: ResultSet rs; 
15: int i=st.executeUpdate("insert into users values ('"+user+"','"+pwd+"','"+fname+"',
16: '"+lname+"','"+email+"')"); 
17: 
18: 


Stacktrace:
    org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:102)
    org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:331)
    org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:469)
    org.apache.jasper.compiler.Compiler.compile(Compiler.java:378)
    org.apache.jasper.compiler.Compiler.compile(Compiler.java:353)
    org.apache.jasper.compiler.Compiler.compile(Compiler.java:340)
    org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:646)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:357)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:722)

I do not know what is going wrong here. I am new to JSP, so please help me with a simple explanation. The port number, user name, password and everything else is correct for the JSP file. Is there something else I am overlooking? Please help me to rectify the error.

jibin dcruz
  • 2
    I don't think you've shown the right bit of your JSP. You've shown a bit that does a select, but your error refers to an insert. – Qwerky Jul 30 '13 at 09:38
  • Sorry, wrong code. Check now, I have edited it. – jibin dcruz Jul 30 '13 at 09:39
  • 1
    ..and another thing. You say you are learning JSP, so I'd like to point out that there are many Bad Things in your example, such as doing DB work in the JSP, and SQL injection. – Qwerky Jul 30 '13 at 09:40
  • You have to put try and catch block also.. As Class.forName throws ClassNotFoundException.. and db connection also... – Shashi Jul 30 '13 at 09:57

3 Answers

1

Firstly, don't use scriptlets in a JSP file; you can have this logic in a Servlet or some DAO class.

Next, the line below should be a single line:

java.sql.Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/test","root","123"); 

Also put this on a single line:

int i=st.executeUpdate("insert into users values ('"+user+"','"+pwd+"','"+fname+"','"+lname+"','"+email+"')"); 

Better to construct a query string with placeholders, use PreparedStatement, and set each value. It will prevent all these String formatting issues as well as SQL injection.

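// five placeholders, one per value in the original insert
String query = "insert into users values (?,?,?,?,?)";
PreparedStatement statement = con.prepareStatement(query);
// JDBC parameter indexes start at 1
statement.setString(1, user);
statement.setString(2, pwd);
statement.setString(3, fname);
statement.setString(4, lname);
statement.setString(5, email);
int updateSuccessful = statement.executeUpdate();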
AllTooSir
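The advice in the answer above and in the comments (move the database work out of the JSP, bind values through a PreparedStatement, handle the checked exceptions) put together as an added example; it is not code from the question or from any answer. The class name `UserDao`, the method `register`, the column names and the sample values are assumptions; the URL and credentials are the ones shown in the question.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

// Added example: hypothetical DAO class, not part of the original page.
public class UserDao {
    // Column names are assumed; the question's INSERT does not list them.
    // Naming them keeps the statement valid if the table gains a column.
    private static final String INSERT_USER =
        "insert into users (userid, pwd, fname, lname, email) values (?, ?, ?, ?, ?)";

    private final Connection con;

    public UserDao(Connection con) {
        this.con = con;
    }

    // Returns the number of rows inserted. Every value travels as a bound
    // parameter, so quotes in the input never become part of the SQL text.
    // pwd mirrors the question's schema; a real table would hold a password hash.
    public int register(String user, String pwd, String fname,
                        String lname, String email) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(INSERT_USER)) {
            ps.setString(1, user);
            ps.setString(2, pwd);
            ps.setString(3, fname);
            ps.setString(4, lname);
            ps.setString(5, email);
            return ps.executeUpdate();
        } // try-with-resources closes the statement even when the insert fails
    }

    public static void main(String[] args) {
        // JDBC 4 drivers register themselves, so Class.forName is not needed here.
        String url = "jdbc:mysql://localhost:3306/test";
        try (Connection con = DriverManager.getConnection(url, "root", "123")) {
            UserDao dao = new UserDao(con);
            // Constructed sample input: the apostrophe in the last name would
            // break the concatenated statement; here it is stored as plain data.
            int rows = dao.register("jdoe", "s3cret", "John", "O'Brien",
                                    "jdoe@example.com");
            System.out.println("rows inserted: " + rows);
        } catch (SQLException e) {
            // Report on the server side; do not echo driver messages to the page.
            System.err.println("registration failed: " + e.getMessage());
        }
    }
}
```

A servlet would read the request parameters and call `register`, leaving the JSP to render the result.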
0

Suspecting on String formatting, try this:

java.sql.Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/"+
"test","root","123"); 
harsh
0

You must include the String literal with double quotes -> ". I cannot run the code, but your error is in your sql statement. The term 'insert into user values' is interpreted as a String.

Stimpson Cat
  • It should be interpreted as a string, shouldn't it? – jibin dcruz Jul 30 '13 at 09:54
  • Try the hint that The New Idiot has answered. Sorry, I do not want to be offensive. It is just his nick. You can better use 'prepared statements' with placeholders and insert the values later. – Stimpson Cat Jul 30 '13 at 10:07