How to insert date into a mysql database from a jsp page?

Question

I am trying to insert data into MySQL database where one of the column gets the current date.

The code is

unit=request.getParameter("unit");
name=request.getParameter("name");
article=request.getParameter("article");
String user=request.getParameter("username");
Class.forName("com.mysql.jdbc.Driver");
Connection conn = DriverManager.getConnection("jdbc:mysql://localhost/newsletter?", "root", "pooja");
Statement st = conn.createStatement();

String query="insert into browse values('"+0+"','"+name+"', '"+NOW()+"', '"+article+"', '"+unit+"', '"+user+"' );";
ResultSet rs = st.executeQuery(query);

The code throws an error at NOW() saying the method is undefined. Is there any correction I can make in this code itself or is there any other way I can enter the current date into the database?

Thanks in advance.

Answer 1

The now() function is a MySQL function, not a Java method call. Therefore it should be part of the SQL text, not a string.

Adding something like "'" + something + "'" is correct when something is a Java expression that returns a string. If something contains "foo", then the result is 'foo' which is a valid SQL string.

But NOW() is not a Java expression. It is also not meant to be a literal string in SQL. So you don't need the quotes. Instead, you should have something like +",NOW(),"+ .

String query="insert into browse values('0','"+name+"', NOW(), '"+article+"', '"+unit+"', '"+user+"' );";

It is recommended to use a PreparedStatement rather than a statement and not embed the strings in that way. And then the NOW() would be part of the SQL statement, and the strings would just be replaced by a ? .

String query="insert into browse values('0',?,NOW(),?,?,?)";
PreparedStatement stmt = conn.prepareStatement(query);
stmt.setString(1, name);
stmt.setString(2, article);
stmt.setString(3, unit);
stmt.setString(4, user);
int inserted = stmt.executeUpdate();

Answer 2

You're indeed calling an undefined Java method NOW() , and passing the result of this Java method to the query. What you want is the query to call a database function called NOW() . So the call to NOW() must be part of the query itself:

String query = "insert into browse values(?, ?, NOW(), ?, ?, ?)";

What are all those question marks, you'll ask. These are placeholders allowing to pass parameters safely , using a prepared statement . If you persist in using String concatenation to pass parameters, your code will be subject to SQL injection attacks, it will fail as soon as any parameter contains a single quote, and you will fight to insert anything other than strings and numbers (ie dates, binary data, etc.). So learn using prepared statements.

Also, executeQuery() is used to execute a select query, returning data in a ResultSet. To execute an insert query, you must use executeUpdate() .

Answer 3

java.util.Date now = new java.util.Date();

bear in mind that variable 'now' is of type Date. you have to modify it to accommodate your DB-> column type

Answer 4

If you use the TIMESTAMP type the date will AUTOMATICALLY be inserted when ever you update the table. This will of course inert time and date, if you just require the date then simply create a new Date object. Also you should really use PreparedStatements to prevent MySQL injection based attacks.