fetch sql query to become a variable

Question

I'm looking all over the net for this problem, I don't know maybe I just cant explain what I'm trying to do.

Statement stmtttt = con.createStatement();
 ResultSet resultttt = stmtttt.executeQuery("select * from logs_pms_t_project where p_id="+p_id+" ");
                    while(resultttt.next())
                                      {
 out.println(" <span class>" + resultttt.getString("phase_id")+ "</span>" );
                                      }

In that code, I'm trying to display a certain column from the database -- the phase_id . So that I can store it as variable to a String .

String phase_id=???;

How can I do that?

Answer 1

I'm not exactly sure what you're trying to accomplish, but looking at the SQL, I think you're expecting just 1 row returned, therefore an if will do, no need for a while . So then you can assign the phase_id var like this

ResultSet resultttt = stmtttt.executeQuery("select * from logs_pms_t_project where p_id="+p_id+" ");
String phase_id = null;
if (resultttt.next()) {
    phase_id = resultttt.getString("phase_id");
    // out.println ... ?
}

You could do the same with the while loop of course, but if the query returned more than 1 row, it phase_id would contain the id from the last row.

Answer 2

Most likely the cause of your problems is that you are not enclosing p_id in quotes. In general, passing parameters to queries like this is a bad practice. Suggest you read up on java.sql.PreparedStatement - it has a setString() method for setting query parameters.

This is called 'SQL injection vulnerability': if you are reading p_id from an input, the user could have entered something like foo"; drop table logs_pms_t_project; , and erase all your data.