Using a transaction query in a JSP page - sql

I use the query below in my JSP page, but I'm not sure whether it is right to use this query in a JSP page.
int i = st.executeUpdate("'BEGIN TRANSACTION DECLARE @id [int] SELECT @id = SCOPE_IDENTITY() INSERT INTO Viewer(Reserve_ID, F_Name, L_Name, Competition_ID, City, Phone, [E-mail]) VALUES (@id, '" + fname + "','" + lname + "','" + 30 + "','" + city + "','" + phone + "','" + email + "' ) INSERT INTO Reservation_Inf(Reservation_Date, Competition_ID, NumberOfTicket, Position_ID) VALUES ('" + dNow + "','" + 30 + "','" + 1 + "','" + 8 + "' ) COMMIT TRANSACTION '" );
if (i > 0) {
    response.sendRedirect("Success.jsp");
} else {
    response.sendRedirect("Fail.jsp");
}
It gives this error:
Incorrect syntax near 'BEGIN TRANSACTION DECLARE @id [int] SELECT @id = SCOPE_IDENTITY() INSERT INTO Viewer(Reserve_ID, F_Name, L_Name, Competition_ID,'.

Related

insert oracle table using DateTimePicker value

Setting of nls_date_format: MM/DD/YY
Setting format of DateTimePicker: DateTimePickerFormat.Custom
As far as I know, the date format is only used to display the date information and does not affect how it is stored in the database.
However, I cannot insert the date into the table with the query statements below:
query = "INSERT INTO tuser (objectID, userID, userName, password, birthday) values (urObjID.nextval,'" + txtUserID.Text.Trim() + "','" + txtUserName.Text.Trim() + "','" + txtPassword.Text.Trim + "','" + dtpBirthday.Value + "')" 'Insert directly Date value from DateTimePicker
and
query = "INSERT INTO tuser (objectID, userID, userName, password, birthday) values (urObjID.nextval,'" + txtUserID.Text.Trim() + "','" + txtUserName.Text.Trim() + "','" + txtPassword.Text.Trim + "','" + dtpBirthday.Value.ToString("dd/MM/yyyy") + "')" 'Insert string value with format dd/MM/yyyy
But I can insert the date into the table with the queries below:
query = "INSERT INTO tuser (objectID, userID, userName, password, birthday) values (urObjID.nextval,'" + txtUserID.Text.Trim() + "','" + txtUserName.Text.Trim() + "','" + txtPassword.Text.Trim + "','" + dtpBirthday.Value.ToString("dd-MMM-yyyy") + "')" 'Insert string value with format dd-MMM-yyyy
and
query = "INSERT INTO tuser (objectID, userID, userName, password, birthday) values (urObjID.nextval,'" + txtUserID.Text.Trim() + "','" + txtUserName.Text.Trim() + "','" + txtPassword.Text.Trim + "',TO_DATE('" + dtpBirthday.Value.ToString("dd-MMM-yy") + "'))" 'Insert date value using TO_DATE function
Are there any differences between the above statements that make the query work?
You should use none of your statements; use parameters and bind variables.
query = "INSERT INTO tuser (objectID, userID, userName, password, birthday) values (urObjID.nextval, :userID, :userName, :password, :birthday)"
cmd.CommandText = query
cmd.Parameters.Add("userID", OracleDbType.Varchar2, ParameterDirection.Input).Value = txtUserID.Text.Trim()
cmd.Parameters.Add("userName", OracleDbType.Varchar2, ParameterDirection.Input).Value = txtUserName.Text.Trim()
cmd.Parameters.Add("password", OracleDbType.Varchar2, ParameterDirection.Input).Value = txtPassword.Text.Trim
cmd.Parameters.Add("birthday", OracleDbType.Date, ParameterDirection.Input).Value = dtpBirthday.Value

I can't insert a record in database: "Invalid Column Name"

create PROCEDURE [dbo].[pro_InsertRecord]
    @table varchar(30),
    @field varchar(max),
    @value varchar(max)
AS
SET NOCOUNT ON
BEGIN
    EXEC('INSERT INTO ' + @table + '(' + @field + ') VALUES ( '+ @value +')')
END
I can't insert a record in the database; I receive an insert error message: "Invalid Column Name".
My code:
string fieldnames = "Login_UserName, Login_Password, Login_Role_Id";
string fieldvalues = UserName +"','" + Password + "'," + Role ;
com.Common.InsertRecord("Login", fieldnames, fieldvalues);
Instead of
string fieldvalues = UserName +"','" + Password + "'," + Role ;
use
string fieldvalues = "'" + UserName + "','" + Password + "'," + Role ;
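The stored procedure above concatenates its table, field and value strings into EXEC, so any quote character in a value changes the statement that runs. As an added example (not code from the original posts), this C# helper checks identifiers against an allowlist and binds the values as parameters; the class name, the allowlist contents and the @p0, @p1, ... parameter names are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Linq;

// Added example: hypothetical replacement for a generic InsertRecord helper.
public static class SafeInsert
{
    // Assumed allowlist: only these table/column names may reach the SQL text.
    private static readonly Dictionary<string, HashSet<string>> Allowed =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase)
        {
            ["Login"] = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
                { "Login_UserName", "Login_Password", "Login_Role_Id" }
        };

    // Returns e.g. INSERT INTO [Login] ([Login_UserName]) VALUES (@p0).
    // Identifiers come from the allowlist; values never enter the SQL text.
    public static string BuildInsertSql(string table, IList<string> columns)
    {
        if (!Allowed.TryGetValue(table, out var known))
            throw new ArgumentException("Table not allowlisted: " + table);
        if (columns.Count == 0)
            throw new ArgumentException("No columns given.");
        foreach (var c in columns)
            if (!known.Contains(c))
                throw new ArgumentException("Column not allowlisted: " + c);

        var names = string.Join(", ", columns.Select(c => "[" + c + "]"));
        var marks = string.Join(", ", columns.Select((c, i) => "@p" + i));
        return "INSERT INTO [" + table + "] (" + names + ") VALUES (" + marks + ")";
    }

    // Binds each value as a parameter, so quotes in UserName or Password
    // are stored as data instead of terminating a string literal.
    public static int InsertRecord(SqlConnection conn, string table,
                                   IDictionary<string, object> row)
    {
        var columns = row.Keys.ToList();
        using (var cmd = new SqlCommand(BuildInsertSql(table, columns), conn))
        {
            for (int i = 0; i < columns.Count; i++)
                cmd.Parameters.AddWithValue("@p" + i, row[columns[i]] ?? DBNull.Value);
            return cmd.ExecuteNonQuery(); // rows affected
        }
    }
}
```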

update/assign a user an empID in Users table

I want to update/assign a user an empID in the Users table. My update below updates all rows/users with the empID and not just the selected user (cbArea.Text).
string update = "Update Users set First= '" + this.txtFirst.Text + "', empID =(SELECT DISTINCT ID from Employer where area= '" + this.cbArea.Text + "') WHERE First= '" + this.txtFirst.Text + "'" ;
First= '" + this.txtFirst.Text is already in the WHERE clause. When it is removed from SET, it works fine.

Getting Error: Column does not exist

When adding rows to a table I am getting Error: column does not exist, and I am not sure why. I know the table does and it is fairly straightforward. Here is what I have to add and here is what the table looks like. Any help would be great, and let me know if you have any questions. Thanks!
Whatever value I have in emailField, it is giving me the error that the emailfield column does not exist.
final String addemployee = "insert into employee values ('" + name_field.getText() + "', '" + usersSuper.getText() + "', '" + true + "' , md5('" + passwordField.getText() + "') , " + emailField.getText() + ");";
Here is the table
CREATE TABLE employee
(
name text NOT NULL,
manageremail text,
isadmin boolean NOT NULL,
userpassword text NOT NULL,
email text NOT NULL,
CONSTRAINT "user_Email" PRIMARY KEY (email)
)
Try
final String addemployee = "insert into employee values ('" + name_field.getText() + "', '" + usersSuper.getText() + "', '" + true + "' , md5('" + passwordField.getText() + "') , '" + emailField.getText() + "');";
You've missed the quotes around emailField.getText()? It should be '" + emailField.getText() + "'

SQL UPDATE doesn't work with foreign languages (Arabic)

The UPDATE gives ???? if the updated field was written in Arabic. This is my query:
UPDATE students
SET first_name = 'الاسم' , last_name = 'الاسم الاخير' ,
father_name = 'الاسم الاخير' , mother_name = '',
birth_date = '1/1/1990 12:00:00 AM' , education_level = '' ,
address = '' , notes = ''
WHERE student_id = 33
And here is the result of the update:
student_id  first_name  last_name  mother_name  father_name  birth_date
33          ?????       ?????      ??????       ???????????  1990-01-01
// The answer is great, and thank you people. Another question is that I am using this UPDATE syntax in my C# program:
command.CommandText = "UPDATE students SET " +
"first_name = " + "'" + first_name + "'" + " , last_name = " + "'" + last_name + "'" +
" , father_name = " + "'" + father_name + "'" + " , mother_name = " +
"'" + mother_name + "'" + ", birth_date = " + "'" + birth_date + "'" +
" , education_level = " + "'" + education_level + "'" +
" , address = " + "'" + address + "'" + " , notes = " + "'" + notes + "'" +
" WHERE student_id = " + id ;
// How to use the character N?
You have forgotten the N prefix before your string literals, which is required so they will be treated as nvarchar rather than varchar.
SET first_name = N'الاسم' etc.
Without that, the text is coerced into whatever characters the code page of your default collation can deal with.
Create the database with the collation Arabic_CI_AS, and you won't need to put N before the Arabic characters.
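For the C# UPDATE in the question, the N prefix has a bound-parameter counterpart: a parameter typed SqlDbType.NVarChar is sent as Unicode, and the values no longer pass through the SQL text at all. This is an added example, not the poster's or the answerers' code; it assumes the text columns of students are nvarchar (a varchar column would still convert to its code page), and the class name, method name and parameter sizes are placeholders.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example: parameterized form of the UPDATE from the question.
public static class StudentUpdate
{
    private const string Sql =
        "UPDATE students SET first_name = @first_name, last_name = @last_name, " +
        "father_name = @father_name, mother_name = @mother_name, " +
        "birth_date = @birth_date, education_level = @education_level, " +
        "address = @address, notes = @notes " +
        "WHERE student_id = @id";

    // Adds a Unicode string parameter; NVarChar plays the role of N'...'.
    // The sizes passed in are assumed, not taken from the real schema.
    private static void AddText(SqlCommand cmd, string name, int size, string value)
    {
        cmd.Parameters.Add(name, SqlDbType.NVarChar, size).Value =
            (object)value ?? DBNull.Value;
    }

    public static int UpdateStudent(SqlConnection conn, int id,
        string firstName, string lastName, string fatherName, string motherName,
        DateTime birthDate, string educationLevel, string address, string notes)
    {
        using (var cmd = new SqlCommand(Sql, conn))
        {
            AddText(cmd, "@first_name", 100, firstName);
            AddText(cmd, "@last_name", 100, lastName);
            AddText(cmd, "@father_name", 100, fatherName);
            AddText(cmd, "@mother_name", 100, motherName);
            AddText(cmd, "@education_level", 100, educationLevel);
            AddText(cmd, "@address", 400, address);
            AddText(cmd, "@notes", 4000, notes);
            // A typed DateTime avoids locale-dependent parsing of a date string.
            cmd.Parameters.Add("@birth_date", SqlDbType.DateTime).Value = birthDate;
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
            return cmd.ExecuteNonQuery(); // rows affected
        }
    }
}
```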