prepared statement

Question

how can i write prepared statement instead of this: please help me

String qry= "INSERT INTO 
Registration1(RegistrationNo,Date,SeniorPerson,NativePlace,Kul,Gotra,KulSwami,ResidensialAddress,PinCode,STDcode,TelephoneNo,MobileNo,Email,Website,Education,Branch,BirthDate,BloodGroup) VALUES('"+regno+"','"+dt+"','"+nm+"','"+place+"','"+kul+"','"+gotra+"','"+kswami+"','"+raddr+"','"+pincode+"','"+stdcd+"','"+tele+"','"+mno+"','"+email+"','"+website+"','"+education+"','"+branch+"','"+bdt+"','"+bloodgrp+"')";
stmt.executeUpdate(qry);

Answer 1

PreparedStatement stmt = conn.prepareStatement("INSERT INTO Registration1(RegistrationNo,Date,SeniorPerson,NativePlace,Kul,Gotra,KulSwami,ResidensialAddress,PinCode,STDcode,TelephoneNo,MobileNo,Email,Website,Education,Branch,BirthDate,BloodGroup) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");

int col = 1;
stmt.setString(col++, regno);
stmt.setDate(col++, new java.sql.Date(dt.getTime()));  // assuming dt is a java.util.Date
(etc)

stmt.executeUpdate();

Answer 2

    `enter code here`you can use prepared statement of insertion like..


         Connection MyCon=null;
         PreparedStatement Ps=null;
try{
          myCon=(Connection) DriverManager.getConnection("jdbc:mysql://localhost:3306/demo","student","student");   
       // these are string from where we can take inputs .
         String Fname;
         String Lname;
         String email;
         String department;
         String Salary;


         Fname=JOptionPane.showInputDialog(null,"Enter First Name");
         Lname=JOptionPane.showInputDialog(null,"Enter Last Name");
         email=JOptionPane.showInputDialog(null,"Enter Your Email");
         department=JOptionPane.showInputDialog(null,"Enter Department Name");
         Salary=JOptionPane.showInputDialog(null,"Enter Salary Name");

            **String insertion="insert into employees"
                   + "(first_name, last_name, email, department ,salary )"+"values "
                    + "(?,?,?,?,?)";**

             **Ps=(PreparedStatement) MyCon.prepareStatement(insertion);
               Ps.setString(1,Fname);
                 Ps.setString(2,Lname);
                 Ps.setString(3,email);
                 Ps.setString(4,department);
                 Ps.setString(5,Salary);

        Ps.executeUpdate();**
}catch(Exception e)
{
e.printtrace();
}

Answer 3

You Should use this template:

PreparedStatement pstmt = con .prepareStatement ("INSERT INTO TableName (ColumnNmae1, ColumnNmae2, ColumnNmae3...) VALUES (?,?,?...);
    pstmt.setType(1, value);
    pstmt.setType(2, value);
    pstmt.setType(3, value);
    etc.

in the prepared statemnt you need to use exactly the same amount oof question mark as the columns you manchined in the statment.

for each question mark you shoukd setValue, you need to choose the right set for eac value typr, there is setString setInt etc...

In your specific case it should look like that:

PreparedStatement pstmt = con .prepareStatement ("INSERT INTO TableName (RegistrationNo,Date,SeniorPerson...) VALUES (?,?,?...);
pstmt.setString(1, regno);
pstmt.setDate(2, Date);
pstmt.setString(3, SeniorPerson);
etc.

Answer 4

Yours is an example of how to NOT use PreparedStatement .

Here's a better idea:

// Here's a PreparedStatement to satisfy the person who downvoted.
PreparedStatement stmt = connection.prepareStatement();
// I might have missed a '?' - you should check it.
String qry= "INSERT INTO    Registration1(RegistrationNo,Date,SeniorPerson,NativePlace,Kul,Gotra,KulSwami,ResidensialAddress,PinCode,STDcode,TelephoneNo,MobileNo,Email,Website,Education,Branch,BirthDate,BloodGroup) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
// Bind the variables here
stmt.executeUpdate(qry);

You should go through this carefully.