
I am making an application for booking movie tickets, and I want to make a button for selecting seat numbers that checks several conditions in the database. I use a JButton with the following action:

```java
private void A1ActionPerformed(java.awt.event.ActionEvent evt) {
    try {
        Object day = cmbHari.getSelectedItem();
        Object stud = cmbStud.getSelectedItem();
        // Form values are concatenated straight into the SQL text
        String sql = "SELECT * FROM message where id_kursi = '" + A1.getText() + "' AND id_film = '" + txtIDFilm.getText() + "' AND start = '" + txtJam.getText() + "' AND day = '" + day + "' AND studio = '" + stud + "' ";
        Statement stat = conn.createStatement();
        ResultSet result = stat.executeQuery(sql);
        // Compares the ResultSet object itself with a Boolean
        if (result.equals(true)) {
            JOptionPane.showMessageDialog(null, "Seat has been booked");
        } else {
            JOptionPane.showMessageDialog(null, "Seat booked");
            txtKur.setText("A1");
        }
    } catch (SQLException ex) {
        Logger.getLogger(belitiket.class.getName()).log(Level.SEVERE, null, ex);
    }
}
```

But the seat can always be ordered, even when all the conditions are fulfilled and the seat should not be orderable.

EDIT: Thanks guys, solved.

```java
private void A1ActionPerformed(java.awt.event.ActionEvent evt) {
    Object hari = cmbHari.getSelectedItem();
    String h = hari.toString();
    Object stud = cmbStud.getSelectedItem();
    String s = stud.toString();
    // SELECT 1 only tests for existence; the ? placeholders keep the form values out of the SQL text
    String insert = "select 1 from pesan where id_kursi=? and id_film=? and mulai=? and hari=? and studio=?;";
    // try-with-resources closes the statement and result set on every click
    try (PreparedStatement ps = conn.prepareStatement(insert)) {
        ps.setString(1, A1.getText());
        ps.setString(2, txtIDFilm.getText());
        ps.setString(3, txtJam.getText());
        ps.setString(4, h);
        ps.setString(5, s);

        try (ResultSet rs = ps.executeQuery()) {
            // next() returns true only if a matching booking row exists
            if (rs.next()) {
                JOptionPane.showMessageDialog(null, "Kursi Sudah Dipesan");
                txtKur.setText("");
            } else {
                JOptionPane.showMessageDialog(null, "Kursi Dipesan");
                txtKur.setText("A1");
            }
        }
    } catch (SQLException ex) {
        Logger.getLogger(belitiket.class.getName()).log(Level.SEVERE, null, ex);
    }
}
```
pxnji
  • Important basics first: [Prevent SQL injection attacks in a Java program](https://stackoverflow.com/questions/9516625/prevent-sql-injection-attacks-in-a-java-program) – danblack Jun 25 '19 at 22:54
  • I see a `SELECT` statement; where is the `INSERT` or `UPDATE` statement that actually commits the changes to the database? – RyanNerd Jun 26 '19 at 00:14
  • Thanks for putting up your fix based on the answer and caring about SQL injection. Nit: Your `Statement stat` is unused too. Welcome to SO @pxnji. – danblack Jun 26 '19 at 11:04
  • Thanks very much for helping me do this homework. Oops, I forgot to delete that. @danblack – pxnji Jun 26 '19 at 19:43
  • As long as you're asking for help with homework and not asking for others to do it for you, it's fine. – danblack Jun 26 '19 at 22:58

1 Answer


The ResultSet is an iterative item and not a boolean to be compared to.

Also, if you don't need a result, use `SELECT 1 ...`; that way, if there is an item there will be a result, and it can be done quickly on the server rather than marshalling unneeded information.

danblack
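An added example, not part of the original question or answer: it compares the question's concatenated seat check with the parameterized one from the fix, written in Python with the standard-library `sqlite3` module instead of the page's Java/JDBC so it runs without a database server. The table layout, the sample booking row and the input tuples are constructed; `fetchone() is not None` plays the role of `rs.next()`.

```python
import sqlite3

COLS = ("id_kursi", "id_film", "mulai", "hari", "studio")

def make_db():
    # Constructed table and booking row; column names follow the fixed query.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pesan (%s)" % ", ".join(c + " TEXT" for c in COLS))
    conn.execute("INSERT INTO pesan VALUES (?,?,?,?,?)",
                 ("A1", "F01", "19:00", "Senin", "Studio 1"))
    return conn

def booked_concat(conn, values):
    # The question's approach: form values are spliced into the SQL text.
    where = " AND ".join("%s = '%s'" % (c, v) for c, v in zip(COLS, values))
    return conn.execute("SELECT 1 FROM pesan WHERE " + where).fetchone() is not None

def booked_param(conn, values):
    # The fix's approach: placeholders in the SQL, values bound separately.
    where = " AND ".join(c + " = ?" for c in COLS)
    return conn.execute("SELECT 1 FROM pesan WHERE " + where, values).fetchone() is not None

def outcome(check, conn, values):
    # True = seat booked, False = seat free, "error" = the query failed to run.
    try:
        return check(conn, values)
    except sqlite3.Error:
        return "error"

# Constructed inputs standing in for the form fields.
BOOKED = ("A1", "F01", "19:00", "Senin", "Studio 1")
FREE = ("B2", "F01", "19:00", "Senin", "Studio 1")
APOSTROPHE = ("B2", "F01", "19:00", "Senin", "Director's Cut")
TAUTOLOGY = ("B2", "F01", "19:00", "Senin", "x' OR '1'='1")

if __name__ == "__main__":
    conn = make_db()
    for name, vals in [("booked", BOOKED), ("free", FREE),
                       ("apostrophe", APOSTROPHE), ("tautology", TAUTOLOGY)]:
        # Columns: input name, concatenated result, parameterized result
        print(name, outcome(booked_concat, conn, vals), outcome(booked_param, conn, vals))
```

With ordinary input both checks agree; once a field contains a quote character, the concatenated check either fails or reports a free seat as booked, while the parameterized check still answers for the literal value.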