Reputation: 21
I'm working with Java and MySQL and I'm facing a problem. I'm trying to create an app with a GUI to insert data into a MySQL table, and this is the code:
    public void insertuser(String fullname, String salary, String adress, String username, String password) throws SQLException
    {
        openconnection();
        // openconnection method works well
        String queryInsert =
            "INSERT INTO hema.employee (Emp_name,Emp_salary,Adress,UserName,PassWord)"
            + "VALUES ('" + fullname + "','" + salary + "','" + adress + "','" + username + "','" + password + "')";
        Statement stm = (Statement) con.createStatement();
        ResultSet rs;
        stm.executeQuery(queryInsert);
    }
and in the JFrame class I call this method using this code:
    private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {
        try {
            String NAME = jTextField1.getText();
            String SALARY = jTextField2.getText();
            String ADRESS = jTextField3.getText();
            String USER = jTextField4.getText();
            String PASS = jPasswordField1.getText();
            Employee emp = new Employee();
            emp.insertuser(NAME, SALARY, ADRESS, USER, PASS);
        } catch (SQLException ex) {
            Logger.getLogger(Register.class.getName()).log(Level.SEVERE, null, ex);
        }
    }
and the first error I have is:
java.sql.SQLException: Can not issue data manipulation statements with executeQuery().
Upvotes: 0
Views: 5007
Reputation: 109547
    String sqlInsert =
        "INSERT INTO hema.employee (Emp_name,Emp_salary,Adress,UserName,PassWord)"
        + "VALUES (?, ?, ?, ?, ?)";
    try (PreparedStatement stm = con.prepareStatement(sqlInsert)) {
        stm.setString(1, fullname);
        stm.setBigDecimal(2, new BigDecimal(salary));
        stm.setString(3, adress);
        stm.setString(4, username);
        stm.setString(5, password);
        int updateCount = stm.executeUpdate(); // 1 when inserted 1 record
    } // Closes stm
The error, that for INSERT, DELETE, UPDATE and such executeUpdate should be used, is given already.
Also close the statement, for example use the above try-with-resources.
Important is to use a prepared statement. This is a security measure (against SQL injection), but also escapes quotes and backslashes in the values.
Another advantage of a prepared statement is that you could reuse it; not so necessary here.
But more important is the type safe setting of fields: I altered the salary field to use BigDecimal, appropriate for numeric values with decimals (SQL column type DECIMAL or so).
Upvotes: 1
Reputation: 178263
The executeQuery() method is only for executing select statements. For insert, update, and delete statements, you should use the executeUpdate() method.
Executes the given SQL statement, which may be an INSERT, UPDATE, or DELETE statement or an SQL statement that returns nothing, such as an SQL DDL statement.
Upvotes: 3
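Both answers above come down to the same two points: an INSERT is run with executeUpdate(), and values must be bound as parameters rather than concatenated into the SQL text. The following added example (not from the question or either answer) shows both side by side in Python against an in-memory SQLite table, because that runs offline with no MySQL driver; the `?` placeholders and the returned row count are the same idea as JDBC's PreparedStatement and executeUpdate(). The table, the "Mary O'Brien" record and all helper names are constructed for the example.

```python
import sqlite3
from decimal import Decimal

def open_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the page's hema.employee table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE employee (Emp_name TEXT, Emp_salary NUMERIC, "
                "Adress TEXT, UserName TEXT, PassWord TEXT)")
    return con

def insert_concatenated(con, fullname, salary, adress, username, password):
    """The question's pattern: values glued into the SQL text. A quote in the
    data becomes part of the statement (here a syntax error; with crafted
    input, attacker-controlled SQL)."""
    sql = ("INSERT INTO employee (Emp_name,Emp_salary,Adress,UserName,PassWord)"
           "VALUES ('" + fullname + "','" + salary + "','" + adress + "','"
           + username + "','" + password + "')")
    return con.execute(sql).rowcount  # rowcount plays the role of executeUpdate()

def insert_prepared(con, fullname, salary, adress, username, password):
    """The answer's pattern: '?' placeholders with values bound separately, so
    quotes and backslashes in the data are stored literally. The salary is
    parsed as a decimal first, mirroring new BigDecimal(salary)."""
    amount = Decimal(salary)  # raises decimal.InvalidOperation on junk input
    sql = ("INSERT INTO employee (Emp_name,Emp_salary,Adress,UserName,PassWord)"
           "VALUES (?, ?, ?, ?, ?)")
    # PassWord is stored as given to match the page; real code stores a hash.
    cur = con.execute(sql, (fullname, str(amount), adress, username, password))
    return cur.rowcount  # 1 when one record was inserted

def stored_names(con):
    return [row[0] for row in con.execute("SELECT Emp_name FROM employee")]

def run_demo():
    """Insert one constructed record, a legitimate surname containing a quote,
    with both methods and report what happened."""
    con = open_db()
    args = ("Mary O'Brien", "3000.50", "1 Main St", "mobrien", "s3cret")
    try:
        insert_concatenated(con, *args)
        concat_error = None
    except sqlite3.OperationalError as e:
        concat_error = str(e)  # the quote in the name broke the statement
    return {"concat_error": concat_error,
            "prepared_count": insert_prepared(con, *args),
            "names": stored_names(con)}

if __name__ == "__main__":
    print(run_demo())
```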