Why don’t you put it in the database?

Question

Why don’t you put it in the database?

Asked 8 years, 1 month ago

Viewed 203 times

0

Why does the following database entry code not work? The code reaches Joption "arrived!"

private void btnCadastroActionPerformed(java.awt.event.ActionEvent evt) {                                            
    String sql = "INSERT INTO tbl_cliente(id, nome, nascimento, cpf, sexo, endereco, numero, bairro, cidade,estado, data_entrada, preco_pagamento, datapagamento, mespago)VALUES (12, "+txtNome.getText()+", 1222-10-20, 12312, 123, 123, 123, 123, 123,23, 123, 123, 123, 123)";
    JOptionPane.showMessageDialog(null, "chegou?", "chegou?", JOptionPane.INFORMATION_MESSAGE);
    try {
        pst = conecta.prepareStatement(sql);;
        pst.executeQuery(sql);
        JOptionPane.showMessageDialog(null, "Cadastrado", "Cadastrado", JOptionPane.INFORMATION_MESSAGE);
    } catch (SQLException error) {
    }
}

1

Do you have an error? You must be returning an error, but you have a catch that does not serve any purpose in the code. Add the following line inside the catch: error.printStackTrace();

– user28595

2016/06/04 at 01:38
2

@diegofm disagree, serve yes, serve to hide the error and hinder the solution :)

– Maniero

2016/06/04 at 01:47
no error, you click and it appears the first warning, but does not insert

– Diego Noceli

2016/06/04 at 02:05
gave this error org.postgresql.util.Psqlexception: You cannot use query methods that take a query from a prepared command.

– Diego Noceli

2016/06/04 at 02:08
I’m new here kk sorry!

– Diego Noceli

2016/06/04 at 02:17
The error is giving you the problem, the method executeQuery is for consultations of select, Insert should use the executeUpdate

– user28595

2016/06/04 at 02:19
I’ve tried and you still have the same mistake..."you can’t use the methods"

– Diego Noceli

2016/06/04 at 02:27

Show 2 more comments

1 answer

Browser other questions tagged java postgresql jdbc

You are not signed in. Login or sign up in order to post.

by Dan Getz • **198** points · Answer 1 · 2016-06-04T09:16:46+00:00

It is failing because you are using the incorrect method to run the query (you should use executeUpdate() instead of executeQuery()), and also because the nome and the nascimento as sql code instead of SQL values. That is, out of quotes. It would be better to use parameters in PreparedStatement, for example:

String sql = "INSERT INTO tbl_cliente " +
             "(id, nome, nascimento, cpf, sexo, endereco, numero, bairro, " +
             "cidade,estado, data_entrada, preco_pagamento, datapagamento, "+
             "mespago) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
PreparedStatement pst = conecta.prepareStatement(sql);
pst.setInt(1, 12);
pst.setString(2, txtNome.getText());
pst.setString(3, "1222-10-20");
pst.setInt(4, 12312);
// ...
pst.executeUpdate();

More information about the methods executeQuery(), executeUpdate(), setInt(), setString(), etc. is in the API of the PreparedStatement.

If it makes sense in your program, you can fix some parameters in the SQL code. But if it is of certain types, for example VARCHAR, DATE or TIMESTAMP, is needed in quotes ('):

String sql = "INSERT INTO tbl_cliente (id, nome, nascimento, cpf) " +
             "VALUES (5, 'Fulano', '1222-10-20', ?)";

But it’s a very bad idea to simply try to add a string that comes from the user to your SQL code:

// XXX NAO FAÇA ISSO!
String sql = "INSERT INTO tbl_cliente (nome) VALUES ('"
           + txtNome.getText() + "')";

because it thus admits possibility of injection of SQL. And in general it is nothing precise or convenient because the method already exists setString() in PreparedStatement.