如何避免将硬编码值发送到 mySQL 数据库

Question

In my project I've assembled a basic password book, the project is designed to send user information over to a mySQL database after the "Save Information" button has been clicked. It works fine when the String values are hardcoded, but when I try to use any kind of String variable or the toString() method I start getting errors. Does anyone know the correct way to send UN-hardcoded values to mySQL?

import javax.swing.*;
//import java.io.*;
//import java.lang.Thread.State;
import java.awt.event.*;
import java.sql.*;

public class PasswordBook implements ActionListener
{
    private static JLabel websiteLabel;
    private static JTextField websiteText;
    private static JLabel userLabel;
    private static JTextField userText;
    private static JLabel passLabel;
    private static JTextField passText;
    private static JLabel emailLabel;
    private static JTextField emailText;
    private static JButton button;
    private static JButton clearButton;
    private static JLabel success;
    //private static String websiteToString; (values I tried)
    //private static String userToString;
    //private static String emailToString;
    //private static String passToString;

    public static void main (String[]args)
    {
        
        JFrame frame = new JFrame();
        JPanel panel = new JPanel();
        frame.setSize(400,350);
        frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
        frame.add(panel);

        panel.setLayout(null); // rows columns

        websiteLabel = new JLabel("Website"); //1st
        websiteLabel.setBounds(10, 20, 80, 25);
        panel.add(websiteLabel);

        websiteText = new JTextField(); //1st
        websiteText.setBounds(100, 20, 165, 25);
        panel.add(websiteText);
        //websiteToString = websiteText.toString();

        userLabel = new JLabel("Username"); //2nd
        userLabel.setBounds(10, 60, 80 ,25);
        panel.add(userLabel);

        userText = new JTextField(20); // 2nd
        userText.setBounds(100, 60, 165, 25);
        panel.add(userText);
        //userToString = userText.toString();

        emailLabel = new JLabel("Email"); //3rd
        emailLabel.setBounds(10, 100, 80 ,25);
        panel.add(emailLabel);

        emailText = new JTextField(); //2nd
        emailText.setBounds(100, 100, 165, 25);
        panel.add(emailText);
        //emailToString = emailText.toString();

        passLabel = new JLabel("Password"); //4th
        passLabel.setBounds(10, 140, 80, 25);
        panel.add(passLabel);

        passText = new JTextField(); // 4th
        passText.setBounds(100, 140, 165, 25);
        panel.add(passText);
        //passToString = passText.toString();

        button = new JButton("Save Information");
        button.setBounds(10, 180, 150 ,25);
        button.addActionListener(new PasswordBook()); // action listener to button
        panel.add(button);

        clearButton = new JButton("Clear");
        clearButton.setBounds(180, 180, 150, 25);

        // CLEARS THE TEXT FIELDS WHEN PRESSED
        clearButton.addActionListener(new ActionListener() {

            @Override // Override allows function to perfrom independently of the parent class
            public void actionPerformed(ActionEvent event)
            {
                websiteText.setText("");
                userText.setText("");
                emailText.setText("");
                passText.setText("");
                success.setText("");
            }
        });

        panel.add(clearButton);

        success = new JLabel("");
        success.setBounds(10, 220, 300, 25);
        panel.add(success);
        

        frame.setVisible(true);

    }

    public void actionPerformed(ActionEvent event) {
        try {

            Connection myConn = DriverManager.getConnection("jdbc:mysql://localhost:3306/passwordbook", "root", "password");
            //Statement myStatement = myConn.createStatement();
            String sq1 = "INSERT into website_and_user_info"
                        + " (Website, Username, Email, Password)"
                        + " values (?, ?, ?, ?)";
            
            PreparedStatement statement = myConn.prepareStatement(sq1);
            statement.setString(1, websiteText.toString()); // These values work when hardcoded
            statement.setString(2, userText.toString());
            statement.setString(3, emailText.toString());
            statement.setString(4, passText.toString());
            
            
            statement.executeUpdate();

            System.out.println("insert complete");
            
        } catch (Exception e) {
            e.printStackTrace();
        }

        

    }


}

Answer 1

If I read it right, passText is a Textfild (advice use Hungarian notation, makes code easier to read) to get the text you need .gettext(). Like prepared preparedStatement.setString(int, passText.getText()); that should do the trick. But you need to get text before clearing the fields. You Code seems to first clear and you use .setTxt in the statement. If iam wrong I'm sry, atm.i just have my phone to browse.