using a servlet to add values to database

I'm new to servlet use, so please forgive my ignorance. I developed a class that inserts values to a table in a DB and I'd like to use the method InsertValue in a servlet, so that the values entered in the form would be inserted directly in the table.

If, somehow that helps, here's the code of the InsertValue method :

public class InsetValue {
{

try开发者_如何学Go {
    Statement stmt; 
    Connectionx cx = new Connectionx();
    Connection con= cx.Connexion("com.mysql.jdbc.Driver","jdbc:mysql://localhost/jiradb4.3","root","root");        
    stmt = (Statement) con.createStatement();

    int ID = 10200;
    String s = new String("PAYROLL");
    String url = new String("");
    String lead = new String ("amira.jouida");
    String desc = new String ("projet payroll");
    String key = new String ("PROLL");
    int pcount = 0;
    int asstype = 2;
    int avatar = 10011;

    stmt.executeUpdate("INSERT INTO project " +" VALUES ('"+ ID +"','"+ s +"','"+ url +"','"+ lead +"','"+ desc +"','"+ key +"','"+ pcount +"','"+ asstype +"','"+ avatar +"');");
    stmt.close();

    System.out.println ("Done");
         }
        catch (SQLException ex) {

          }    

   }
}

This works perfectly for me. I red some documents about servlets, but I’m still wondering how to handle this issue.

Thanks for your help. Regards

You have SQL Injection in your code. You should use Prepared statements.

Your Servlet will provide the functions 'doGet' and 'doPost'.

Both have parameters 'request' and 'response'.

Call your servlet with your browser and 'doGet' is called. To create a page write some HTML code to the response.

response.getWriter().print(SOME HTML);

This page should contain a form with fields (e.g. 'lead'). The submit button of the form may call the servlet again. If submit method is POST 'doPost' is called.

You can get values of the form by the field name :

String lead = request.getParameter("lead");

And now you are ready to execute your prepared statement... basic stuff!

What's Connectionx?

If you are developing a web application and deploying it into a web server, you should be using connection pooling provided by the server.