Something Wrong With My SQL Statement

Printable View

10-21-2011, 12:06 AM
Dcalladi

Something Wrong With My SQL Statement

Code:

try { DriverManager.registerDriver(new com.mysql.jdbc.Driver()); Connection conn = DriverManager.getConnection("jdbc:mysql://samp.inf.brad.ac.uk/dcalladi", "dcalladi", "Dannys21"); conn.createStatement().executeUpdate("UPDATE Test_items SET Barcode =" + changeBarcode + ", Name =" + changeName + " , Cost =" + changePrice + " where Id ="+id+""); } catch (Exception ex) { System.err.println("SQLException: " + ex.getMessage()); }

i am using this code to try and update a SQL database but get an error. all the variables are correct at i used breakpoints stepping through to check them. i am getting this error can anyone help?

SQLException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Chilli Sauce, Cost =1.75 where Id =1' at line 1
10-21-2011, 07:54 AM
sasi040

Re: Something Wrong With My SQL Statement

hi,
try this query
String q = "UPDATE Test_items SET Barcode ='"+ changeBarcode +"', Name ='"+ changeName +"',Cost =" + changePrice +"where Id ="+id+"";
10-21-2011, 09:12 AM
pbrockway2

Re: Something Wrong With My SQL Statement

Or use a PreparedStatement, illustrated in Oracle's Tutorial.
10-21-2011, 09:44 AM
Anveshan

Re: Something Wrong With My SQL Statement

try using single quotes....
10-21-2011, 10:52 AM
pbrockway2

Re: Something Wrong With My SQL Statement

Quote:

Originally Posted by Anveshan

try using single quotes....

That's what sasi was getting at (#2).

It looks like the sort of sql statement that is going to be executed often as item details change. And things like changeName could be given evil values. So why not a PreparedStatement?