JSP: Problem with Integer Values, not assigning type correctly

Question

Robtyketto 0 Light Poster

16 Years Ago

Greetings,

Within my jsp I have HTML code (see below) which accepts input, one of these fields sequence unlike the others is an Integer and within the HTML FORM the INPUT TYPE is set to "int".

<FORM ACTION="wk465682AddFAQ.jsp" METHOD="POST">
  Id: <INPUT TYPE=TEXT NAME=Id><BR><BR>
  Category: <INPUT TYPE=TEXT NAME=category><BR><BR>
  Question<BR><TEXTAREA NAME=question COLS=100 ROWS=2></TEXTAREA><BR><BR>   
  Answer<BR><TEXTAREA NAME=answer COLS=100 ROWS=4></TEXTAREA><BR><BR> 
  Sequence: <INPUT TYPE="int" NAME=sequence><BR><BR>    
  <INPUT TYPE=Submit VALUE="Add to Database">
</FORM>

These values are then retrieved in the same jsp file using the code below and inserted into the table (sequence field is Number format in MS acess table):-

Enumeration parameters = request.getParameterNames();
 
 if(parameters.hasMoreElements()) {
    String IdParam  = request.getParameter("Id");
    String categoryParam  = request.getParameter("category");
    String questionParam = request.getParameter("question");    
    String answerParam = request.getParameter("answer");    
    Integer sequenceParam = request.getParameter("sequence");
    statement.executeUpdate("INSERT INTO FAQ (\"Id\",\"category\", \"question\", \"answer\", \"sequence\", \"UserId\", \"created\") VALUES ('"+IdParam+"','"+categoryParam+"','"+questionParam+"','"+answerParam+"', '"+sequence+"', '"+ session.getAttribute("theName")+"', '"+dateString+"')   ");
  }
ResultSet columns = statement.executeQuery("SELECT * FROM FAQ");
while(columns.next()) {
    String Id  = columns.getString("Id");
    String category  = columns.getString("category");
    String question  = columns.getString("question");   
    String answer = columns.getString("answer");
    String userId  = columns.getString("userId");   
    String created = columns.getString("created");
    Integer sequence = columns.getInt("sequence");

The jsp falls over with error regarding sequence as It cant convert between String to Integer and Int to Integer.

I've been looking at examples, but obviously I arent declaring the sequence value as an Integer properly.

Any advice would be appreciated
Cheers Rob

java-jsp

4 Contributors
7 Replies
2K Views
5 Months Discussion Span
Latest Post 16 Years Ago Latest Post by haoyou2008

jwenting 1,889 duckman

16 Years Ago

yes, NEVER use Java scriptlets in JSP code.
NEVER do database operations from JSP.
ALWAYS use PreparedStatement for database operations.
ALWAYS use parameterised queries for database operations.

So basically restart from scratch.

jwenting 1,889 duckman

16 Years Ago

if you're really a university student you above all have to use your own judgement and think for yourself.
When presented with a bad example you should have the intelligence to detect that and not follow it blindly.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Robtyketto 0 Light Poster · Answer 1 · 2008-03-14T19:53:57+00:00

I have resolved the initial problem of inserting the field sequence as an integer instead of a string, I changed it form a string to an integer using the code below :-

String sequenceParam = request.getParameter("sequence");
	int sequence = Integer.parseInt(sequenceParam);

    statement.executeUpdate("INSERT INTO FAQ (\"category\", \"question\", \"answer\", \"sequence\", \"UserId\", \"created\") VALUES ('"+categoryParam+"','"+questionParam+"','"+answerParam+"', '"+sequence+"', '"+ session.getAttribute("theName")+"', '"+dateString+"' )");
  }

Is there a better method to use? Suprised to see I need to use '" around the value on the INSERT statement as I thought this was only for STRINGS??

Robtyketto 0 Light Poster · Answer 2 · 2008-03-15T17:32:55+00:00

Thanks for the advice I have done the following two:-

ALWAYS use PreparedStatement for database operations.
ALWAYS use parameterised queries for database operations.

Unfortunately I wont be doing the other points
:-( , I'm a university student and have to follow the module structure and have to do the other things.

Thanks for the advice
Rob

Robtyketto 0 Light Poster · Answer 3 · 2008-03-16T01:53:52+00:00

I do understand what youre saying but due to the fact I'm against very tight deadlines, I need to go for the marks i.e. get the primary requirements finished, which unfortunately means I dont have the time to rewrite and re-test all of my code.

Much like many modules I've done I wish I had more time to investigate/explore more (12 wks modules).

Thanks for you input it hasnt fallen on death ears.

nitya_k83 0 Newbie Poster · Answer 4 · 2008-07-29T13:50:24+00:00

int IdParam = Integer.pasrseInt(request.getParameter("Id"));
I think,the above syntex will be solved ur problem.
Subhajit Majumder

haoyou2008 -4 Newbie Poster · Answer 5 · 2008-09-09T12:39:23+00:00

humm you sould use preparedStatement
instead of statement.executeUpdate
and to #7
your code do not check exception .....