3

Firstly, I'm reading the product name and number of products from user using jTextFields. For that product I read the product id and price from database using sql query. But in the below code I display the product price in a jtextField but while running tha file I get query executed successfully but I'm not getting anything in the jtextField.

And please check the sql query and resultset use, table name is "item" and database name is "myshop", I declared variables globelly and this code is in a jButton's 'ActionPeformed" part.

String item_name=name.getText();
int item_no=Integer.parseInt(no.getText());
String sql="SELECT id,price FROM item WHERE item.name='item_name'";
try{       
Class.forName("com.mysql.jdbc.Driver");
Connection con(Connection)DriverManager.getConnection("jdbc:mysql://localhost:3306/myshop","root","mysql");
java.sql.Statement stmt=con.createStatement();
if (stmt.execute(sql)) {
rs = stmt.getResultSet();
JOptionPane.showMessageDialog(this, "succes","executed query",JOptionPane.PLAIN_MESSAGE);
} else {
System.err.println("select failed");}
int idIndex   = rs.findColumn("id");
int priceIndex    = rs.findColumn("price");

while(rs.next()){
item_id=rs.getInt(idIndex);
item_price=rs.getInt(priceIndex);
jTextField1.setText(""+item_price);//displaying product price in a jTextField1
jTextField2.setText(""+item_id);//displaying product id in a jTextField2  
  }
}
catch(Exception e){
JOptionPane.showMessageDialog(this, e.getMessage());
}
Improve this question
1
  • 2
    String sql = "SELECT id,price FROM item WHERE id=" + item_no; Commented Dec 17, 2013 at 5:51

6 Answers 6

Reset to default
3

This line should be

String sql="SELECT id,price FROM item WHERE item.name='item_name'";

like this

String sql="SELECT id,price FROM item WHERE item.name='"+item_name+"'";
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Please try to provide answer without SQL injections
item.name='"+item_name+"'" this will lead to SQL Injection en.wikipedia.org/wiki/SQL_injection
Also see Aniket's answer about SQL injection.
Though he was asking what I am doing wrong. But still you have to provide much better code so that OP will also understand the good practice of coding
3

Use a PreparedStatement so you don't have to worry about delimiting all the variables:

String sql="SELECT id, price FROM item WHERE item.name = ?";
PreparedStatement stmt = connection.prepareStatement(sql);
stmt.setString( 1, item_name);
ResultSet rs = stmt.executeQuery();

Then the prepared statement will replace the variable for you with the proper quotes.

Improve this answer

Comments

1

you would need to take item_name as param and put in quotes, 

String sql="SELECT id,price FROM item WHERE item.name='"+ item_name+"'";
Improve this answer

1 Comment

-1, this answer was given 3 minutes earlier. No need to clutter the forum with duplicate answers.
0

Try to avoid this type of mistake by using PreparedStatement 

String sql="SELECT id,price FROM item WHERE item.name=?";  
PreapredStatement ps = con.prepareStatement(sql);
ps.setString(1,item_name); 
ResultSet rs = ps.executeQuery();

Use of PreparedStatement also prevent SQL injection attack.

Improve this answer

Comments

0

try this code . 

Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/myshop","root","mysql");
            PreparedStatement pt=con.prepareStatement("SELECT id,price FROM item WHERE item.name=?");
            pt.setString(1,"item_name");
          ResultSet rs;
           if(pt.execute())
           {
                rs=pt.getResultSet();
               JOptionPane.showMessageDialog(this, "succes","executed query",JOptionPane.PLAIN_MESSAGE);
          }
           else {
    System.err.println("select failed");
           }

        while(rs.next()){
    item_id=rs.getInt(1);
    item_price=rs.getInt(2);
    jTextField1.setText(""+item_price);//displaying product price in a jTextField1
    jTextField2.setText(""+item_id);//displaying product id in a jTextField2    

        }
Improve this answer

Comments

0

First, you need an reader, like this

private static void reader() throws SQLException {
    DataBaseName db = new DataBaseName ();
    names = db.getNames();
}
Improve this answer

1 Comment

This seems entirely unrelated to the question asked.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.