-1
    statement.executeUpdate("INSERT INTO LOGIN VALUES(" + jTextField1.getText() + ",'" + jTextField2.getText() + "'," + jTextField3.getText() + ")");

I have this line and I am trying to turn it into a prepared statement, but I am not able to do it. What I did is this:

   PreparedStatement pstmt = con.prepareStatement("UPDATE Login SET login_id = ? WHERE username = ?");

The SQL table is this:

    CREATE TABLE login(
      login_id INTEGER PRIMARY KEY,
      username varchar(150) NOT NULL,
      password varchar(150) NOT NULL
    );
Andrew Thompson
ek.Nik
  • Did you set the parameter values? Generally you don't change the primary key after insertion. Post a [mcve] – Reimeus Nov 20 '21 at 19:21

2 Answers

1

The following code should be encapsulated in a try-catch statement.

Also, I hope you add a password hashing function to your code; everything else is very insecure.

  PreparedStatement pstmt = con.prepareStatement("INSERT INTO LOGIN VALUES (?,?,?)");
  pstmt.setInt    (1, Integer.parseInt(jTextField1.getText()));
  pstmt.setString (2, jTextField2.getText());
  // third column (password) comes from jTextField3, as in the question's statement
  pstmt.setString (3, jTextField3.getText());

  // execute the preparedstatement
  pstmt.execute();
nbk
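An added example (not code from the question or from either answer) that combines the advice in the answer above: bound parameters for all three columns, cleanup via try-with-resources, and a salted PBKDF2 hash stored in the `password` column instead of the raw text. The class name, method names and iteration count are assumptions.

```java
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LoginInsert {               // hypothetical class name
    private static final int ITERATIONS = 210_000; // assumed work factor; tune for your hardware

    // Returns "iterations:salt:hash" (Base64), roughly 75 characters, so it fits varchar(150).
    static String hashPassword(char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);          // fresh random salt per password
        KeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        byte[] hash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                      .generateSecret(spec).getEncoded();
        Base64.Encoder b64 = Base64.getEncoder();
        return ITERATIONS + ":" + b64.encodeToString(salt) + ":" + b64.encodeToString(hash);
    }

    // Inserts one row into the question's login table. Every user-supplied value is
    // bound as a parameter, never concatenated into the SQL text. The caller (for
    // example the button handler) catches SQLException, e.g. for a duplicate login_id.
    static void insertLogin(Connection con, String idText, String username,
                            char[] password) throws Exception {
        int loginId;
        try {
            loginId = Integer.parseInt(idText.trim());
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("login_id must be an integer", e);
        }
        String sql = "INSERT INTO login (login_id, username, password) VALUES (?, ?, ?)";
        try (PreparedStatement pstmt = con.prepareStatement(sql)) { // closed automatically
            pstmt.setInt(1, loginId);
            pstmt.setString(2, username);
            pstmt.setString(3, hashPassword(password));
            pstmt.executeUpdate();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input; shows the stored format without needing a database.
        System.out.println(hashPassword("correct horse".toCharArray()));
    }
}
```

In a Swing form, reading the password from a `JPasswordField` with `getPassword()` gives the `char[]` directly.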
0

Observed parameterized object to avoid SQL injections. Just a bunch of security. Although that one you have provided is okay for learning purposes.

  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Nov 21 '21 at 11:00