1

I have the following code to search data.

public void advanceSearchMethod(String advanceName, int advanceTpNumber, String advanceAddress, String advanceDescription){
    Connection connection=null;
    try{  
        //for connect to database.
        connection=(Connection) DriverManager.getConnection("jdbc:mysql://localhost/contactbook","root","time1");
        //for communicate with database.
        Statement stmt=(Statement)connection.createStatement();
        String searchQuery="SELECT * FROM Contacts WHERE Name LIKE '%'"+advanceName+"'%' AND TelePhoneNumber LIKE '"+advanceTpNumber+"%' OR Address LIKE '%'"+advanceAddress+"'%' OR Description LIKE '%'"+advanceDescription+"'%'";
        rs=stmt.executeQuery(searchQuery);
        contactTableInDefaultForm.setModel(DbUtils.resultSetToTableModel(rs));
    }catch(Exception e){
        JOptionPane.showMessageDialog(null, "Sorry! Connection Failed");
    }
}

There are no errors in this code, but the catch block runs. I cannot imagine what I should do. How can I search them?

1
  • What is the exception you are getting? Print the exception and tell us. Commented Sep 22, 2013 at 11:42

2 Answers

4

You have a major bug -- when you build the WHERE clause, you have spurious ' apostrophes after '% opening-quote & wildcard and before %' closing-wildcard & quote.

Your broken code:     "WHERE Name LIKE '%'"+advanceName+"'%'"
Corrected:            "WHERE Name LIKE '%"+advanceName+"%'"

But the whole code is not good code, at all -- every single thing is wrong with it.

WHERE clauses should be built up only with the conditions you actually need to search on. And should use PreparedStatement and ? bound parameters, rather than building string-literals into the SQL. (You have built a well-known security flaw.)

PhoneNumbers are strings, not integers. The LIKE pattern for TelePhoneNumber doesn't have a starting %.

DB connection should be provided from one class & method, rather than in every method in your application.

Errors in separate operations (getting the connection/ vs. executing the query and reading results) should be checked & reported separately. Exceptions and stacktraces should always be logged (use Log4J) or, at the worst case, output to the console.

The single only thing you got right here, was the variable & parameter naming.

To be honest, you ought to be using Hibernate rather than writing this rickety nonsense.
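
One way to apply the advice above (conditions only for the fields actually filled in, `PreparedStatement` with `?` bound parameters, phone number as a string), shown as an added example that is not part of the original answer. The class name `ContactSearch`, joining the conditions with `AND`, and the `!` escape character are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class ContactSearch {
    final StringBuilder sql = new StringBuilder("SELECT * FROM Contacts");
    final List<String> params = new ArrayList<>();

    // Column names are constants in this class; only the values come from the user.
    ContactSearch(String name, String phone, String address, String description) {
        addLike("Name", name);
        addLike("TelePhoneNumber", phone);   // phone numbers handled as strings
        addLike("Address", address);
        addLike("Description", description);
    }

    // Append a condition only when the field was filled in.
    private void addLike(String column, String value) {
        if (value == null || value.trim().isEmpty()) return;
        sql.append(params.isEmpty() ? " WHERE " : " AND ")   // AND is an assumption
           .append(column).append(" LIKE ? ESCAPE '!'");
        params.add("%" + escapeLike(value.trim()) + "%");
    }

    // Make %, _ and the escape character itself match literally inside LIKE.
    static String escapeLike(String s) {
        return s.replace("!", "!!").replace("%", "!%").replace("_", "!_");
    }

    // Bind every collected value to its ? marker; the driver handles quoting.
    PreparedStatement prepare(Connection connection) throws SQLException {
        PreparedStatement ps = connection.prepareStatement(sql.toString());
        for (int i = 0; i < params.size(); i++) {
            ps.setString(i + 1, params.get(i));
        }
        return ps;
    }

    public static void main(String[] args) {
        // Constructed sample input: an apostrophe, an unused field, a literal %.
        ContactSearch s = new ContactSearch("O'Brien", "", "Flat 5", "50% off");
        System.out.println(s.sql);      // SQL text contains only ? markers
        System.out.println(s.params);   // values travel separately from the SQL
    }
}
```

Because the SQL text never contains user input, an apostrophe in a name cannot end the string literal, and the quoting mistake from the question cannot occur.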


2
String searchQuery="SELECT * FROM Contacts WHERE Name LIKE '%"+advanceName+"%' AND TelePhoneNumber LIKE '"+advanceTpNumber+"%' OR Address LIKE '%"+advanceAddress+"%' OR Description LIKE '%"+advanceDescription+"%'";

You have added an additional single quotation mark. Hope this is the right answer.
