update query and calculation part in GRN - mysql

String status = "active", nit = "", grniid = "", sumn = "";
try {
    Connection ss = Class_DB.myconnection();
    Statement st = ss.createStatement();
    ResultSet rs = st.executeQuery("select stock_in_hand from item_supplier where item_ID =('" + TF_GRN_ITEMID.getSelectedItem() + "')");
    grniid = TF_GRN_NO_OF_ITEM.getText();
    int aa = Integer.parseInt(grniid);
    while (rs.next()) {
        nit = rs.getString("stock_in_hand");
    }
    int bb = Integer.parseInt(nit);
    sumn = grniid + nit;
    int cc = Integer.parseInt(sumn);
    st.executeUpdate("insert into grn1 values('" + TF_GRN_GRNNO.getText() + "','" + TF_GRN_SUPPLIERID.getSelectedItem() + "','" + TF_GRN_AMOUNT.getText() + "','" + TF_GRN_DATE.getText() + "')");
    st.executeUpdate("insert into grn2 values('" + TF_GRN_GRNNO.getText() + "','" + TF_GRN_ITEMID.getSelectedItem() + "','" + TF_GRN_EXP_DATE.getText() + "','" + TF_GRN_TAX.getText() + "','" + TF_GRN_NO_OF_ITEM.getText() + "','" + TF_GRN_GAMOUNT.getText() + "','" + TF_GRN_NAMOUNT.getText() + "','" + TF_GRN_QTY.getText() + "','" + TF_GRN_UNIT.getText() + "','" + TF_GRN_FREE.getText() + "','" + TF_GRN_DIS.getText() + "')");
    st.executeUpdate("update item_supplier set stock_in_hand='" + cc + "' where item_ID='" + TF_GRN_ITEMID.getSelectedItem() + "'");
    JOptionPane.showMessageDialog(null, "Data Saved");
    clearing();
} catch (Exception ex) {
    JOptionPane.showMessageDialog(null, "There is some error.Please contact admin");
    ex.printStackTrace();
}
This is the GRN Query. GRN stands for Good Receive Note.
When we receive Goods/Items from the supplier the company receives a GRN.
The details of the items will be included in the GRN.
These data/details will be inserted in GRN1 table, GRN2 table and item_Supplier table will be updated according to it.
nit is the variable, using item_id table and item supplier table, stock in hand will be retrieved.
bb is the variable used to pass nit to an integer.
grnid is No of items which we type in the interface will be included in grnid variable.
aa is the variable used to pass grnid to integer.
class_DB - connection class of the database.
Our problem is
1) It is inserted into the GRN1 and GRN2 tables, but the item_supplier table is not updated.
2) We want to know if our calculation is correct or not.
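
On the calculation asked about above: `grniid + nit` joins two strings, so the parsed result is the digits side by side rather than their sum. The following is an added example, not code from the original post; the class and method names and the sample values are made up, and it assumes `stock_in_hand` holds a number. It contrasts the two calculations and performs the stock update with bound parameters, returning the affected row count so that an update matching no row is visible to the caller.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class GrnStock {
    // What the posted code computes: the two strings are joined, then parsed.
    static int concatenatedTotal(String received, String inHand) {
        return Integer.parseInt(received + inHand);
    }

    // Parse each value first, then add the integers.
    static int addedTotal(String received, String inHand) {
        return Integer.parseInt(received.trim()) + Integer.parseInt(inHand.trim());
    }

    // Let the database add the received quantity in a single statement.
    // Values are bound, never concatenated into the SQL text.
    // Returns the number of rows changed; 0 means no row matched item_ID.
    static int addStock(Connection con, String itemId, int received) throws SQLException {
        String sql = "update item_supplier set stock_in_hand = stock_in_hand + ? where item_ID = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setInt(1, received);
            ps.setString(2, itemId);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // Constructed sample values: 10 items received, 5 already in stock.
        System.out.println("concatenated: " + concatenatedTotal("10", "5"));
        System.out.println("added:        " + addedTotal("10", "5"));
    }
}
```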

Related

Inserting tuple into database

I am trying to check if a tuple is present. If it is then return the ID. If it is not present then insert it, create a new ID, and return that ID. This is what I have, however when I return the productID at the end, it is 0. I also keep getting the error:
org.postgresql.util.PSQLException: ERROR: syntax error at or near "7"
  Position: 360
Can anyone please help me understand where I am going wrong here? Thanks in advance
public int addProduct(String name, String manufacturer) throws SQLException{
    int productId = 0;
    connection.setAutoCommit(false);
    Statement st = null;
    st = this.connection.createStatement();
    try {
        int prod = 0;
        Statement stmt = this.connection.createStatement();
        stmt.execute("SELECT MAX(product_id) FROM Products");
        ResultSet result = stmt.getResultSet();
        if (result.next())
            prod = result.getInt(1) + 1;
        System.out.println(prod);
        st.executeUpdate(
            "DO " +
            "$do$ " +
            "BEGIN " +
            "IF NOT EXISTS (SELECT 1 FROM Products WHERE " +
            "Products.name = " + name + " AND " +
            "Products.manufacturer = " + manufacturer + ") THEN " +
            "INSERT INTO Products (product_id, name, category, manufacturer) " +
            "VALUES (" + prod + ", " + name + ", " +
            "" + null + ", " + manufacturer + "); " +
            "END IF; " +
            "END; " +
            "$do$ ; "
        );
        ResultSet rsFind = st.executeQuery(
            "SELECT Products.product_id FROM Products WHERE " +
            "Products.name = '" + name + "' AND " +
            "Products.manufacturer = '" + manufacturer + "; "
        );
        if (rsFind.next()) {
            productId = rsFind.getInt("product_id");
            System.out.println(productId);
        }
    } catch (SQLException e) {
        System.err.println(e);
    } finally {
        if (st != null) st.close();
    }
    this.connection.setAutoCommit(true);
    return productId;
}

How to get max value after inserting as a join query

INSERT INTO `idt_lookup`(`idt_resources`, `idt_lookup_name`, `idt_lookup_tbl_name`, `idt_lookup_key_col`, `idt_lookup_val_col`, `last_upd_by`, `last_upd_datetime_utc`) VALUES ('" + resourceId + "','" + roltbl + "','" + roltbl + "','" + rolid + "','" + rolname + "','1','" + date1 + "')
SELECT MAX(`idt_lookup_id`) AS maxid FROM `idt_lookup`
How can I join these two queries? Is this possible?
Try Sample Query:-
$insertQuery = "
INSERT INTO owner_business_media
(business_id, sequence, type, filename, title, secret)
SELECT
'".intval($_GET['businessid'])."',
(SELECT MAX(obm.sequence)+1 FROM owner_business_media obm WHERE obm.business_id=".intval($_GET['businessid']).") AS next,
'$type',
'$fullfile',
'$filename',
'1'
";
Hope this will help...!!

Can't get the SQL query to work with variables b/c of syntax errors

String query = "insert into course_data values(null," + CourseName + ","
+ SCrsDesrpTemp + "," + CrsDes + "," + crsurl + ","
+ youtube + "," + sqlStrDate + "," + crsduration + ","
+ CrsImg + "," + "'Open2Study', 'Free', 'English', 'Yes'," + CrsImgUni + date + ")";
I keep getting syntax errors. The variable names are strings that hold values from scraped websites. I printed them out and they work fine, they all are of type string. But for some reason, I keep getting syntax error in the SQL query.
When presented to the database like this, string (and date) values need to be in single quotes.
String query = "insert into course_data values(null,'" + CourseName + "','"
+ SCrsDesrpTemp + "','" + CrsDes + "','" + crsurl + "','"
+ youtube + "','" + sqlStrDate + "','" + crsduration + "','"
+ CrsImg + "'," + "'Open2Study', 'Free', 'English', 'Yes','" + CrsImgUni + date + "')";
The last part may be incorrect "CrsImgUni + date" and you may need to ensure that dates are formatted correctly.
See also What is SQL injection?

Trying to insert date time into sql with variables in the query

String query = "insert into course_data values (null, '"
        + CourseName + "','"
        + SCrsDesrpTemp + "','"
        + CrsDes + "','"
        + crsurl + "','"
        + youtube + "','"
        + sqlStrDate + "','"
        + crsduration + "','"
        + CrsImg + "','"
        + category + "',"
        + "'Open2Study', '0.00', 'English', 'Yes','"
        + CrsImgUni + "','"
        + "GETDATE()" + "')";
That is my attempt above. I am trying to insert the current date and time into a date-time column but I keep getting syntax error for the query. It says GETDATE() is not the correct datatype for the column date-time.
Try this for Sql Server:-
ALTER TABLE course_data ADD CONSTRAINT
DF_MyTable_Inserted DEFAULT GETDATE() FOR crsduration
GO
This assumes your table is named course_data, the column is crsduration, and the name of the constraint is to be DF_MyTable_Inserted.
If the db is MySQL, use NOW() to get the current date time
NOW() // Current date time
CURDATE() // Current date
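
Both `course_data` questions above (the unquoted values and the quoted `GETDATE()`) come from assembling the statement by string concatenation. The following is an added example, not code from any of the posts: the scraped values are bound as parameters, and the timestamp is written as an unquoted SQL expression, because inside quotes it is only a string. The class and method names and the sample title are made up; the value order follows the second question's statement.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class CourseInsert {
    // The ten scraped strings are bound; the fixed literals stay in the SQL text.
    // CURRENT_TIMESTAMP is an SQL expression, so it carries no quotes
    // (GETDATE() on SQL Server and NOW() on MySQL are used the same way).
    static final String SQL =
        "insert into course_data values (null, ?, ?, ?, ?, ?, ?, ?, ?, ?, "
      + "'Open2Study', '0.00', 'English', 'Yes', ?, CURRENT_TIMESTAMP)";

    /**
     * scraped = CourseName, SCrsDesrpTemp, CrsDes, crsurl, youtube, sqlStrDate,
     * crsduration, CrsImg, category, CrsImgUni, in that order.
     * sqlStrDate is bound as text here; ps.setDate with a java.sql.Date
     * removes the dependence on the server's date format.
     */
    static int insertCourse(Connection con, String[] scraped) throws SQLException {
        if (scraped.length != 10) {
            throw new IllegalArgumentException("expected 10 values, got " + scraped.length);
        }
        try (PreparedStatement ps = con.prepareStatement(SQL)) {
            for (int i = 0; i < scraped.length; i++) {
                ps.setString(i + 1, scraped[i]);   // JDBC parameter indexes start at 1
            }
            return ps.executeUpdate();
        }
    }

    // What quoting by hand sends to the server (shortened to one column; no database needed).
    static String concatenated(String courseName) {
        return "insert into course_data values(null,'" + courseName + "')";
    }

    public static void main(String[] args) {
        // Constructed sample title, as a scraper might return it. The apostrophe
        // ends the quoted literal early and the rest is parsed as SQL.
        System.out.println(concatenated("Writing for the Web: It's Different"));
    }
}
```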

Sql Start Transaction

String sql= "INSERT INTO UserRecord( name, email, contactNo, password, gender, nationality, " +
"dateOfBirth, address, postalCode, secretQuestion, secretAnswer, userType, obsoleteStatus)";
sql += "VALUES('" + name + "','" + email + "','" + cNo + "','" + pwd + "','" +gen + "','" + nationality + "','"
+ dob + "','" + address + "','" + pCode + "','" + secQuestion +"','"+secAnswer + "','"+ userType +"','" + obsoleteStatus + "')";
String sql2= "INSERT INTO PaymentAccount(creditCardNo,creditCardType,expiryDate,CVV)";
sql2 += "VALUES('" + cCardNo + "','" + cCardType + "','" + expiryDate + "','" + cvv + "')";
Hi guys, I have done some research on the internet on using Start Transaction and tried to implement it, but it seems that I always get an error. The SQL that I provide is perfect, but I need someone who can show me how to use the start transaction because I keep messing up with the "". Thanks guys in advance.
First you should learn about prepared statements. Your code is pure SQL injection junk. Throw it away. Handling credit card numbers with such code is the best way to get fired.
Second you have to disable auto commit for your database connection. This is enabled and prevents transactions, because after each statement a commit is done by the driver. After that you can execute explicit commits.
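
The two steps from the answer above (prepared statements, then auto-commit off with an explicit commit), as an added example that is not part of the original answer. `RegisterUser`, `register` and the parameter names are hypothetical, the column lists are shortened from the question's statements, and `pwdHash` is assumed to be a password hash computed by the caller.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class RegisterUser {
    // Column lists shortened from the question's statements (assumption: the
    // omitted columns are nullable or have defaults).
    private static final String USER_SQL =
        "INSERT INTO UserRecord (name, email, contactNo, password, userType) "
      + "VALUES (?, ?, ?, ?, ?)";
    // CVV is deliberately not stored: card security codes must not be kept
    // after authorization (PCI DSS).
    private static final String CARD_SQL =
        "INSERT INTO PaymentAccount (creditCardNo, creditCardType, expiryDate) "
      + "VALUES (?, ?, ?)";

    /** Inserts both rows or neither. */
    public static void register(Connection con, String name, String email, String cNo,
                                String pwdHash, String userType, String cCardNo,
                                String cCardType, String expiryDate) throws SQLException {
        boolean previous = con.getAutoCommit();
        con.setAutoCommit(false);              // stop the driver committing after each statement
        try (PreparedStatement user = con.prepareStatement(USER_SQL);
             PreparedStatement card = con.prepareStatement(CARD_SQL)) {
            user.setString(1, name);
            user.setString(2, email);
            user.setString(3, cNo);
            user.setString(4, pwdHash);
            user.setString(5, userType);
            user.executeUpdate();

            card.setString(1, cCardNo);
            card.setString(2, cCardType);
            card.setString(3, expiryDate);
            card.executeUpdate();

            con.commit();                      // both inserts become visible together
        } catch (SQLException e) {
            con.rollback();                    // undo the first insert if the second failed
            throw e;
        } finally {
            con.setAutoCommit(previous);       // restore the connection's earlier mode
        }
    }
}
```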