I'm working on a web application using JSP. It is almost done. However, I'm facing a weird issue while using the update command. I tried in all ways but no luck.
Below is the error message:
```
HTTP Status 500 -
type Exception report
message
The server encountered an internal error () that prevented it from fulfilling this request.
exception
javax.servlet.ServletException: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''desc'='<h1 style="text-align: center;">
cv cfv sdfbgdfbg</h1>', sub_by='SP526' at line 1
root cause
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''desc'='<h1 style="text-align: center;">
cv cfv sdfbgdfbg</h1>', sub_by='SP526' at line 1
note The full stack traces of the exception and its root causes are available in the GlassFish Server Open Source Edition 3.0.1 logs.
GlassFish Server Open Source Edition 3.0.1
```
My code is as below:
```jsp
<%
String sr=request.getParameter("kt");
String title=request.getParameter("kt1").trim();
// out.println("title"+title);
String d=request.getParameter("kt2").trim();
// out.println("description"+d);
String assignee=request.getParameter("kt3");
// out.println("Assignee"+assignee);
java.sql.Timestamp sqlNow=new java.sql.Timestamp(new java.util.Date().getTime());
// out.println("date"+sqlNow);
try{
    Class.forName("com.mysql.jdbc.Driver");
}
catch (Exception e)
{
    out.println("<script> alert('Something went wrong')</script>");
}
java.sql.Connection el=DriverManager.getConnection("jdbc:mysql://localhost/kt","root","");
Statement ed=el.createStatement();
String aa="update add_kt set title='"+title+"', desc='"+d+"', sub_by='"+assignee+"', Last_mod='"+sqlNow+"' where sr='"+sr+"' ";
ed.executeUpdate(aa);
out.println("<script> alert('Data has been updated')</script>");
out.println("<a href='admin_page.jsp'>Go to Previous Page</a>");
%>
```
After clicking the submit button, it encountered "Error HTTP Status 500".
Use `PreparedStatement` instead of `createStatement`. Hence, your code will look like this.
```java
// DESC is a reserved word in MySQL, so the column name is quoted with backticks.
String query = "update add_kt set title=?, `desc`=?, sub_by=?, Last_mod=? where sr=?";
PreparedStatement pst = el.prepareStatement(query);
pst.setString(1, title);
pst.setString(2, d);
pst.setString(3, assignee);
pst.setTimestamp(4, sqlNow); // sqlNow is a java.sql.Timestamp
pst.setString(5, sr);
pst.executeUpdate();
```
PS: Always use `PreparedStatement` when you have complex query builder concatenation.
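
The parameterized update from the answer as a complete method, next to the question's concatenation for comparison (an added example, not code from the question or the answer). The names `KtUpdate`, `concatenated` and `update` are assumptions, the sample description is constructed, and `desc` is backtick-quoted because DESC is a reserved word in MySQL.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Timestamp;

public class KtUpdate {
    // DESC is a reserved word in MySQL, so the column name is backtick-quoted.
    static final String UPDATE_SQL =
        "UPDATE add_kt SET title = ?, `desc` = ?, sub_by = ?, Last_mod = ? WHERE sr = ?";

    // The question's approach: request values are spliced into the SQL text itself.
    static String concatenated(String title, String d, String assignee, Timestamp now, String sr) {
        return "update add_kt set title='" + title + "', desc='" + d + "', sub_by='" + assignee
            + "', Last_mod='" + now + "' where sr='" + sr + "' ";
    }

    // Parameterized form: the SQL text is fixed and values travel separately as data.
    static int update(Connection con, String title, String d, String assignee, String sr)
            throws SQLException {
        if (title == null || d == null || assignee == null || sr == null) {
            throw new IllegalArgumentException("missing request parameter");
        }
        try (PreparedStatement pst = con.prepareStatement(UPDATE_SQL)) {
            pst.setString(1, title.trim());
            pst.setString(2, d.trim());
            pst.setString(3, assignee);
            pst.setTimestamp(4, new Timestamp(System.currentTimeMillis()));
            pst.setString(5, sr);
            return pst.executeUpdate(); // rows changed; 0 means no row matched sr
        }
    }

    public static void main(String[] args) {
        // Constructed sample: editor HTML with an apostrophe, as a rich-text field can produce.
        String d = "<h1 style=\"text-align: center;\">Today's notes</h1>";
        String sql = concatenated("KT 1", d, "SP526",
            Timestamp.valueOf("2020-01-01 00:00:00"), "1");
        long quotes = sql.chars().filter(c -> c == '\'').count();
        System.out.println(sql);
        // An odd count means a value closed its own string literal early.
        System.out.println("single quotes: " + quotes + (quotes % 2 == 1 ? " (unbalanced)" : ""));
    }
}
```

`main` runs without a database; `update` needs an open `java.sql.Connection` to the `kt` schema from the question.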