Something Wrong With My SQL Statement

[Dcalladi]

Java Code:

try {
            DriverManager.registerDriver(new com.mysql.jdbc.Driver());
            Connection conn = DriverManager.getConnection("jdbc:mysql://samp.inf.brad.ac.uk/dcalladi", "dcalladi", "Dannys21");
            conn.createStatement().executeUpdate("UPDATE Test_items SET Barcode =" + changeBarcode + ", Name =" + changeName + "
, Cost =" + changePrice + " where Id ="+id+"");
        } catch (Exception ex) {
            System.err.println("SQLException: " + ex.getMessage());
        }

i am using this code to try and update a SQL database but get an error. all the variables are correct at i used breakpoints stepping through to check them. i am getting this error can anyone help?

SQLException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Chilli Sauce, Cost =1.75 where Id =1' at line 1

[sasi040]

hi,
try this query
String q = "UPDATE Test_items SET Barcode ='"+ changeBarcode +"', Name ='"+ changeName +"',Cost =" + changePrice +"where Id ="+id+"";

[pbrockway2]

Or use a PreparedStatement, illustrated in Oracle's Tutorial.

[Anveshan]

try using single quotes....

[pbrockway2]

try using single quotes....

That's what sasi was getting at (#2).

It looks like the sort of sql statement that is going to be executed often as item details change. And things like changeName could be given evil values. So why not a PreparedStatement?