-2

Error:

Exception caught : java.sql.SQLException: Incorrect integer value: '[Ljava.lang.String;@26fd19c6' for column 'dedId' at row 1 The database could not be connected

Program:

public void updateDeduction(int empId, String[] dedId, String dedName, String dedDate, String dedAmount) throws SQLException{
    stmt = conn.createStatement();
    String updateString="INSERT INTO deductions (empId,dedId,dedName,dedDate,dedAmount) VALUES (";
    updateString +="'"+empId+"', ";
    updateString +="'"+dedId+"', "; 
    updateString +="'"+dedName+"', ";
    updateString +="'"+dedAmount+"', ";
    updateString +="CURDATE())" ;
    stmt.executeUpdate(updateString); 
    return;
}
Improve this question
4
  • 3
    Little Bobby Tables alert! - don't concatenate together your SQL statements - that's just asking for trouble.... Commented Jan 16, 2013 at 19:46
  • I dont get it that why is the SQL exception showing? Commented Jan 16, 2013 at 19:56
  • Zain check this out :) +1 @marc_s Commented Jan 16, 2013 at 21:24
  • i tried that out but its giving me the same error. Commented Jan 17, 2013 at 4:11

1 Answer 1

Reset to default
2

Parameter dedid is an array of strings. When you executed 

updateString +="'"+dedId+"', ";

it was converted to the string [Ljava.lang.String;@26fd19c6.

You need to figure out which of the array elements you want to use.

As others have commented, building a statement by concatenating user-provided text like this is a sure way to get hacked via SQL Injection. You should be using PreparedStatement instead, with placeholders, i.e. 

INSERT INTO deductions (empId,dedId,dedName,dedDate,dedAmount) VALUES (?,?,?,?,?)
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

With regards to SQL injection and using PreparedStatment, will it automatically strip out any unsafe characters or is that still left up to the programmer?
The presence of "unsafe characters" is immaterial as the values do not get substituted into the SQL literal. They go directly into the text value and cannot modify the SQL.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.