hari

Reputation: 165

JDBC preparedStatement not working in JSP

  1. PreparedStatement is working fine if query is static (no parameters), for example:

    select * from RWEMP; 
    
  2. but if I use the code below with a search condition:

    SELECT * FROM RWEMP WHERE ENAME= ?
    

    It doesn't show anything, it is just showing the table headers.

    <FORM METHOD="get"> 
            <INPUT TYPE="text" NAME="cond" SIZE=50>
    </FORM> <br> <br>
    
        <% String value = request.getParameter("cond"); 
            if (value != null) { %>
        <H3> Search results for  <I> <%= value %> </I> </H3>
            <% }  %>
    
        <%@page import="java.sql.*" %>  
             <%Class.forName("oracle.jdbc.driver.OracleDriver");
    
              String sql="SELECT * FROM RWEMP WHERE ENAME= ?";
    
             Connection con=DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:XE","hari","root"); 
             PreparedStatement stat=con.prepareStatement(sql);
             stat.setString(1,"value");
             ResultSet rs=stat.executeQuery();
             try {
                 if(rs!=null) {
             %>     
            <table border=1 cellspan=60 cellpadding=16> 
                 <tr>
                    <th> Emp ID </th>
                    <th> Emp Name </th>
                    <th> Emp Dept </th>
                    <th> Emp Area </th>
                    <th> Emp D.O.B  </th>
                    <th> EMP Mobile </th>
                    <th> Emp Salary </th>
                    <th> EMP Wife </th>
                </tr> 
            <%
              while(rs.next()) {
            %>
            <tr> 
                <td><%= rs.getString("EID")%> </td>
                <td><%= rs.getString("ENAME") %> </td>
                <td><%= rs.getString("EDEPT")%> </td>
                <td><%= rs.getString("EAREA")%> </td>
                <td><%= rs.getString("EDOB")%> </td>
                <td><%= rs.getString("EMOBILE")%> </td>
                <td><%= rs.getString("ESAL")%> </td>
                <td><%= rs.getString("ESPOUSE")%> </td>
             </tr>
             <%
              } 
               }
         }                        
              catch(SQLException e) { 
                e.printStackTrace();
                 } 
    con.close();
    

    %>

Upvotes: 1

Views: 560

Answers (1)

Ravi K Thapliyal

Reputation: 51711

Change your PreparedStatement's query parameter binding code as

    stat.setString(1, value); // no quotes

You need to search on what the value variable contains, not by its name "value" itself.

Upvotes: 4
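
The corrected binding as a stand-alone Java helper, added here as an example and not code from the question or the answer. The class name `EmpSearch` and the methods `findByName` and `escapeHtml` are hypothetical, the caller is assumed to pass an open `Connection`, and the values are HTML-escaped because the JSP writes the request parameter and database fields straight into the page.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class EmpSearch {
    // Same query shape as the question; the ? is filled by setString below.
    private static final String SQL = "SELECT EID, ENAME FROM RWEMP WHERE ENAME = ?";
    // Returns one HTML table row per match; the caller supplies an open Connection.
    public static List<String> findByName(Connection con, String cond) throws SQLException {
        List<String> rows = new ArrayList<>();
        if (cond == null || cond.isEmpty()) {
            return rows; // no search term submitted yet, so run no query
        }
        try (PreparedStatement stat = con.prepareStatement(SQL)) {
            stat.setString(1, cond); // bind the variable's contents, not the literal "value"
            try (ResultSet rs = stat.executeQuery()) {
                while (rs.next()) {
                    rows.add("<tr><td>" + escapeHtml(rs.getString("EID")) + "</td><td>"
                            + escapeHtml(rs.getString("ENAME")) + "</td></tr>");
                }
            }
        } // statement and result set are closed here even if the query throws
        return rows;
    }

    // Minimal HTML escaping for text placed in element content or quoted attributes.
    public static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        System.out.println(escapeHtml("<i>SMITH</i>")); // constructed input
    }
}
```

In the JSP, the same `escapeHtml` call would wrap the echoed search term in the "Search results for" heading as well as each `rs.getString(...)` cell.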
