Why don’t you put it in the database?


0

Why does the following database entry code not work? The code reaches the JOptionPane "arrived!"

private void btnCadastroActionPerformed(java.awt.event.ActionEvent evt) {                                            
    String sql = "INSERT INTO tbl_cliente(id, nome, nascimento, cpf, sexo, endereco, numero, bairro, cidade,estado, data_entrada, preco_pagamento, datapagamento, mespago)VALUES (12, "+txtNome.getText()+", 1222-10-20, 12312, 123, 123, 123, 123, 123,23, 123, 123, 123, 123)";
    JOptionPane.showMessageDialog(null, "chegou?", "chegou?", JOptionPane.INFORMATION_MESSAGE);
    try {
        pst = conecta.prepareStatement(sql);;
        pst.executeQuery(sql);
        JOptionPane.showMessageDialog(null, "Cadastrado", "Cadastrado", JOptionPane.INFORMATION_MESSAGE);
    } catch (SQLException error) {
    }
}
  • 1

    Do you have an error? You must be returning an error, but you have a catch that does not serve any purpose in the code. Add the following line inside the catch: error.printStackTrace();

  • 2

    @diegofm I disagree, it does serve a purpose: it serves to hide the error and hinder the solution :)

  • No error; you click and the first warning appears, but it does not insert

  • It gave this error: org.postgresql.util.PSQLException: You cannot use query methods that take a query from a prepared command.

  • I’m new here kk sorry!

  • The error is telling you the problem: the method executeQuery is for SELECT queries; an INSERT should use executeUpdate

  • I’ve tried and I still get the same error... "you can’t use the methods"

1 answer

0

It is failing because you are using the incorrect method to run the query (you should use executeUpdate() instead of executeQuery()), and also because the nome and the nascimento are written as SQL code instead of SQL values, that is, without quotes. It would be better to use parameters in PreparedStatement, for example:

String sql = "INSERT INTO tbl_cliente " +
             "(id, nome, nascimento, cpf, sexo, endereco, numero, bairro, " +
             "cidade,estado, data_entrada, preco_pagamento, datapagamento, "+
             "mespago) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
PreparedStatement pst = conecta.prepareStatement(sql);
pst.setInt(1, 12);
pst.setString(2, txtNome.getText());
pst.setString(3, "1222-10-20");
pst.setInt(4, 12312);
// ...
pst.executeUpdate();

More information about the methods executeQuery(), executeUpdate(), setInt(), setString(), etc. is in the PreparedStatement API documentation.

If it makes sense in your program, you can fix some parameters in the SQL code. But values of certain types, for example VARCHAR, DATE or TIMESTAMP, need to be in quotes ('):

String sql = "INSERT INTO tbl_cliente (id, nome, nascimento, cpf) " +
             "VALUES (5, 'Fulano', '1222-10-20', ?)";

But it’s a very bad idea to simply try to add a string that comes from the user to your SQL code:

// XXX DON'T DO THIS!
String sql = "INSERT INTO tbl_cliente (nome) VALUES ('"
           + txtNome.getText() + "')";

because it opens up the possibility of SQL injection. And in general it is neither necessary nor convenient, because the setString() method already exists in PreparedStatement.
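
An added example, not part of the answer above or of the asker's project, that combines the fixes raised in this thread: bound parameters, the no-argument executeUpdate(), and a catch block that reports the error instead of hiding it. The names ClienteInsert and insertCliente, the column types, the sample values and the connection arguments are assumptions, and the PostgreSQL JDBC driver is assumed to be on the classpath.

```java
import java.sql.Connection;
import java.sql.Date;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.time.LocalDate;

public class ClienteInsert {
    // Assumed column types: id and cpf integer, nome varchar, nascimento date.
    private static final String SQL =
        "INSERT INTO tbl_cliente (id, nome, nascimento, cpf) VALUES (?, ?, ?, ?)";

    /** Inserts one row and returns the affected-row count (1 on success). */
    static int insertCliente(Connection con, int id, String nome,
                             LocalDate nascimento, int cpf) throws SQLException {
        // try-with-resources closes the statement even when the insert fails.
        try (PreparedStatement pst = con.prepareStatement(SQL)) {
            pst.setInt(1, id);
            pst.setString(2, nome);                   // sent as data, never parsed as SQL
            pst.setDate(3, Date.valueOf(nascimento)); // typed bind for a DATE column
            pst.setInt(4, cpf);
            // Use the no-argument overload: the SQL text was already passed to
            // prepareStatement(). The overloads that take a String, such as
            // executeUpdate(sql) and executeQuery(sql), throw on a PreparedStatement.
            return pst.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // args: JDBC URL, user, password (supplied by the caller).
        try (Connection con = DriverManager.getConnection(args[0], args[1], args[2])) {
            // Constructed sample input: the quote in the name would break a
            // concatenated statement, but is stored verbatim when bound.
            int rows = insertCliente(con, 12, "O'Brien",
                                     LocalDate.of(1990, 10, 20), 12312);
            System.out.println("rows inserted: " + rows);
        } catch (SQLException e) {
            // Report the failure; an empty catch hides the cause.
            System.err.println("insert failed: " + e.getSQLState()
                               + " " + e.getMessage());
        }
    }
}
```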
