Summary
Handling the Add button click event in a Java-based hospital management system involves capturing patient data from the form, validating it, and saving it to the MySQL database. The root cause of issues often lies in improper event handling, database connectivity, or exception management.
Root Cause
The provided code has several issues:
- Hardcoded database credentials (root, 0000), posing a security risk.
- Lack of input validation, leading to potential runtime errors (e.g., non-numeric values in patientid or patientAge).
- Improper exception handling, where the HeadlessException is caught unnecessarily, and the SQLException is not logged or handled gracefully.
Why This Happens in Real Systems
- Rushed development: Junior engineers often prioritize functionality over robustness.
- Lack of security awareness: Hardcoding credentials is a common oversight.
- Insufficient testing: Edge cases like invalid input are not always considered.
Real-World Impact
- Data integrity issues: Invalid data may be saved to the database.
- Security breaches: Exposed credentials can lead to unauthorized access.
- Poor user experience: Unhandled exceptions crash the application or display cryptic error messages.
Example or Code
    import java.sql.Connection;
    import java.sql.DriverManager;
    import java.sql.PreparedStatement;
    import java.sql.SQLException;
    import javax.swing.JOptionPane;

    private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {
        try {
            // Validate input before touching the database
            String pid = patientid.getText().trim();
            if (!pid.matches("\\d+")) throw new NumberFormatException("Invalid patient ID");
            int id = Integer.parseInt(pid);
            String ageText = patientAge.getText().trim();
            if (!ageText.matches("\\d+")) throw new NumberFormatException("Invalid age");
            int age = Integer.parseInt(ageText); // local renamed so it no longer shadows the patientAge field
            // Credentials come from the environment, not from the source code.
            // HMS_DB_USER and HMS_DB_PASSWORD are hypothetical variable names.
            String url = "jdbc:mysql://localhost:3306/HospitalManagementSystem";
            String user = System.getenv("HMS_DB_USER");
            String password = System.getenv("HMS_DB_PASSWORD");
            Class.forName("com.mysql.cj.jdbc.Driver");
            // try-with-resources closes both the statement and the connection
            try (Connection con = DriverManager.getConnection(url, user, password);
                 PreparedStatement pstmt = con.prepareStatement(
                         "INSERT INTO patient VALUES (?, ?, ?, ?)")) {
                // Bound parameters keep form text out of the SQL string
                pstmt.setInt(1, id);
                pstmt.setString(2, patientName.getText());
                pstmt.setInt(3, age);
                pstmt.setString(4, doctorName.getText());
                pstmt.executeUpdate();
            }
            JOptionPane.showMessageDialog(this, "Data Inserted Successfully");
        } catch (NumberFormatException e) {
            JOptionPane.showMessageDialog(this, "Invalid input: " + e.getMessage());
        } catch (ClassNotFoundException | SQLException e) {
            // Keep driver and SQL details out of the dialog; they go to the log instead
            JOptionPane.showMessageDialog(this, "Database error: the record could not be saved.");
            e.printStackTrace(); // Log the exception
        }
    }
How Senior Engineers Fix It
- Input validation: Ensure all inputs are validated before processing.
- Secure credentials: Use environment variables or a secure vault for database credentials.
- Graceful error handling: Catch specific exceptions and provide user-friendly messages.
- Logging: Log exceptions for debugging and monitoring.
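The four points above can be pulled out of the button handler into small helpers that are testable without the GUI. This is an added example, not code from the original page; the class name, the variable name HMS_DB_PASSWORD, the age limit of 130 and the 100-character name limit are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

public class PatientFormChecks {
    private static final Logger LOG = Logger.getLogger(PatientFormChecks.class.getName());

    // Collects every validation problem so the form can report them all at once.
    static List<String> validate(String id, String name, String age, String doctor) {
        List<String> errors = new ArrayList<>();
        parseBounded(id, "Patient ID", 1, Integer.MAX_VALUE, errors);
        parseBounded(age, "Age", 0, 130, errors);          // assumed upper bound
        checkName(name, "Patient name", errors);
        checkName(doctor, "Doctor name", errors);
        return errors;
    }

    static void parseBounded(String raw, String field, int min, int max, List<String> errors) {
        try {
            int v = Integer.parseInt(raw == null ? "" : raw.trim());
            if (v < min || v > max) errors.add(field + " must be between " + min + " and " + max);
        } catch (NumberFormatException e) {                // also covers overflow such as "99999999999"
            errors.add(field + " must be a whole number");
        }
    }

    static void checkName(String raw, String field, List<String> errors) {
        String s = raw == null ? "" : raw.trim();
        if (s.isEmpty() || s.length() > 100)               // assumed column width
            errors.add(field + " is required (max 100 characters)");
    }

    // Fails closed: no fallback to a default account when the variable is missing.
    static String requireEnv(String key) {
        String v = System.getenv(key);
        if (v == null || v.isEmpty()) throw new IllegalStateException("Missing environment variable " + key);
        return v;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, as they would arrive from getText().
        System.out.println(validate("12", "Jane Doe", "34", "Dr. Smith"));
        System.out.println(validate("abc", "", "99999999999", "Dr. Smith"));
        try {
            requireEnv("HMS_DB_PASSWORD");                 // hypothetical variable name
        } catch (IllegalStateException e) {
            // Detail goes to the log; the user would only see a generic message.
            LOG.log(Level.SEVERE, "Database credentials not configured", e);
        }
    }
}
```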
Why Juniors Miss It
- Lack of experience: Juniors may not anticipate edge cases or security risks.
- Focus on functionality: They prioritize making the feature work over making it robust.
- Limited exposure: Less experience with real-world system failures and their consequences.