PDA

Click to See Complete Forum and Search --> : input from user........

webapp
November 20th, 2007, 02:29 AM
what changes do i need to make to take input from dos prompt instead of doing it from code?


import java.sql.*;

public class insertmsg
{
public static void main(String args[])
{


Connection con;
Statement stmt;
String createstring;


try{
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
}catch (java.lang.ClassNotFoundException e)
{
System.err.print("ClassNotFoundException : ");
System.err.println(e.getMessage( ));
}

try {
con=DriverManager.getConnection("jdbc:odbc:xxx");

stmt = con.createStatement();

stmt.executeUpdate("insert into message "+"values("seminar",2)");
//Resultset rs = stmt.executeQuery(query);

System.out.println("Table is updated successfully");

stmt.close( );
con.close( );
}
catch (SQLException ex) {
System.err.println("SQLException : " + ex.getMessage( ));
}


}
KrisSimonis
November 20th, 2007, 05:06 AM
Not that hard actually.. any input parameters that are given on a command prompt line are passed to your main method via those 'args' you got passed. ( never wondered what those are for? )

public static void main(String args[])

it's an array with every entry being seperated by space on the commandline.
So if you do:

C:\Program.exe Bugrit Millenium Shrimp 2

the args array would be something like:

{'Bugrit', 'Millenium', 'Shrimp', '2'}
webapp
November 20th, 2007, 06:11 AM
hi

I am aware about the array concept....... but how to write insert statement? so that it takes the values from command line?
KrisSimonis
November 20th, 2007, 07:47 AM
This is more a java question actually isntead of a database question..
ANYway.. there are 2 ways you can do this, the easy and non-secure method, where you just build a query string concating the values of the args array into the statement. This is VERY insecure, since it opens you up to SQL-Injection, which nowadays any script kiddie can do with plenty of tools, so I don't recommend this.
The second method is by creating a PreparedStatement and use the ? parameter in the insert for the values and then add the arguements into the statement as parameters. ( My java is rather rusty, and I got no java editor here, so I can't tell you EXACTLY how to do this, lookup in your java help how to do this precisely )
Your Insert statement would look like:


INSERT INTO Table VALUES(?,?)


and after your create statement, you'd add something like:


stmt.AddParameter(0, args[0])
stmt.AddParameter(1, args[0])


In this case, the values are added to your query via parameters, so your server will not get confused if someone put SQL in there.