-1

I'm making a StudentAdministration project with a Usercontroller, studentrepository, some html templates, a css stylesheet and a mySql database. Everything is working out great, and i see my index site, but im having problem creating students because of the Date attribute at my Student class.

In my controller, this is how i create:

@Override
public void create(Student st) {
    jdbc.update("INSERT INTO studentdb.student(firstName, lastName, 
    enrollmentDate, password, cpr)

" + "VALUES('" + st.getFirstName() + "', 
'" + 
st.getLastName() + "', '" +  st.getEnrollmentDate() + "', '" + 
st.getPassword() + "', '" + st.getCpr() + "') ");
}

the problem is the st.getEnrollmentDate because it gives me another date format than the 1 MySql accepts. What should i do here? I'd rather not start changing the Date attribute to a String even though that would fix the problem.

Gustavbang
  • 77
  • 1
  • 1
  • 11
  • 2
    Possible duplicate of [How to store Java Date to Mysql datetime...?](https://stackoverflow.com/questions/2400955/how-to-store-java-date-to-mysql-datetime) – Yusril Herlian Syah Oct 06 '17 at 16:34
  • it worked! awesome. for now, i just put it in my create controller, is it stupid to format every time i create or is this ok? Its a very small project :) – Gustavbang Oct 06 '17 at 16:40
  • I think that's ok. But if you want perform with sql query you can use STR_TO_DATE see https://dev.mysql.com/doc/refman/5.5/en/date-and-time-functions.html#function_str-to-date – Yusril Herlian Syah Oct 06 '17 at 16:48

2 Answers2

0

You should be using prepared statements with parameter placeholders, and then use setDate. You should not concatenate values into a query string. That leaves you open to SQL injection.

As an example, you need to use:

Connection connection = ..; // defined elsewhere
try (PreparedStatement pstm = connection.prepareStatement(
        "INSERT INTO studentdb.student(firstName, lastName, enrollmentDate, password, cpr) " +
        " VALUES (?, ?, ?, ?, ?)") {
    pstmt.setString(1, st.getFirstName());
    pstmt.setString(2, st.getLastName());
    // assuming getEnrollmentDate() returns a java.util.Date
    pstmt.setDate(3, new java.sql.Date(st.getEnrollmentDate().getTime());
    // In a real system you should never store passwords like this!!
    pstmt.setString(4, st.getPassword());
    // Assuming getCpr() returns string
    pstmt.setString(5, st.getCpr());

    pstmt.executeUpdate();
}

Note that storing a password like that should never be done. In a real system you would hash the password with something like PBKDF2 or bcrypt.

Mark Rotteveel
  • 100,966
  • 191
  • 140
  • 197
-1

Try below Steps :-

1.Create a Date object.

Date now = new Date();

2.Create a SimpleDateFormat object by using the constructor,

String pattern = "yyyy-MM-dd"; SimpleDateFormat formatter = new SimpleDateFormat(pattern);

3.Now use the format() method to convert the date object to text format provided in the pattern.

String mysqlDateString = formatter.format(now);

nitin.sharma0180
  • 471
  • 3
  • 6