private void jbutton4actionperformed(java.awt.event.actionevent evt) { // todo add handling code here: try{ string companyid=comid.gettext(); string user_name=username.gettext(); string password=password.gettext(); string post_held=jtextfield2.gettext(); string azu="update staffs set staffid= '"+companyid+"',username='"+user_name+"',password='"+password+"','post_held="+post_held+"'where staffid='"+companyid+"' "; //azucar="update staffs set staffid= ?,?,?,?"; az.psst = az.conn.preparestatement(azu); az.psst.execute(azu); joptionpane.showmessagedialog(null, "updated!","frsc",joptionpane.information_message); }catch (exception e){ joptionpane.showmessagedialog(null, e); }deb(); } list item
'post_held="+post_held+"'where should be
post_held='"+post_held+"' where.
on different note: do not build sql statement using string concatenation that, or leave open sql injection attacks, allow attackers delete/steal data.
use preparedstatement parameter markers (?) , set values on statement object.
Comments
Post a Comment