I was trying to add details to table but it showing some SQL error
Query is:
t=st1.executeUpdate("insert into stdetails(regno,nam,cid,gender,HouseName,place,guardian,phone,photo,did,Emailid,sem) values("+ reg+",'"+ n +"',"+ c +",'"+g+"','"+ h+"','"+p+"','"+ guar +"','"+ph+"','"+pic+"',"+d+",'"+e+"',"+s+"");
Error is
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Your are missing the parentheses ) in the end of your query so it should look like :
t = st1.executeUpdate("...." + s + ")");
//----------------------------------^---
BUT
Instead of using this way, this can cause a syntax error like your case, and can cause an Sql Injection you have to use PreparedStatement.
there is error in your mysql syntax
String query="insert into stdetails (regno,nam,gender) values(?,?,?)";
PreparedStatement preparedStmt2 = con.prepareStatement(query);
preparedStmt2.setInt (1," ");
preparedStmt2.setString (2," ");
preparedStmt2.setString(3, " ");
preparedStmt2.execute();
like this you can add more columns also
Related
PreparedStatement posted = con.prepareStatement(
"INSERT INTO userdate (description, UUID) VALUES ('"+ desc + "','" + postuuid + "') ON DUPLICATE KEY UPDATE");
this is the error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''
this is the code I have, does anyone know waht might be wrong with this?
Check on MySQL docs for reference on DUPLICATE KEY UPDATE https://dev.mysql.com/doc/refman/8.0/en/insert-on-duplicate.html
The keyword "UPDATE" is not the absolute end of the statement. You need to specify the fields/values that will be updated
The following exception is thrown when ever I execute the following query
Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '-name, cpy-address, cpy-contact) VALUES('nauman','ahmad18',12)' at line 1
Query which is causing exception
String query="insert into company(cpy-name, cpy-address, cpy-contact)VALUES(?,?,?)";
Connection con=DataAccessLayer.getConnection();
PreparedStatement stat=con.prepareStatement(query);
stat.setString(1, cname);
stat.setString(2, caddress);
stat.setInt(3,x );
int rowsAffected = stat.executeUpdate();
You cannot use - in SQL queries. Escape the column names using ` back quote or back tick characters.
insert into company(`cpy-name`, `cpy-address`, `cpy-contact`)VALUES(?,?,?)
On another note, if the database is in your control, change to column names to use '_' rather '-'. Having illegal characters and quoting them is not a good practice.
Hope this helps!
As #uday said you should change column name or use
" ` "
You can't use dash - symbol in SQL query in case of column name so that rename your column name or use Escape ` both side of column name and table name.
I have a simple table having id(autoincrement) and name and i am trying to do a very simple insert query
if (connect != null) {
query = new StringBuffer("");
query.append("INSERT INTO ");
query.append("GROUP( ");
query.append("GROUP_NAME ");
query.append(") values (");
query.append("?)");
System.out.println(query.toString());
stmt = connect.prepareStatement(query.toString());
int i = 0;
stmt.setString(1, group.getGroupName());
records = stmt.executeUpdate();
}
but it gives me an exception with stacktrace:
2016-02-09T10:00:44.876+0500|Severe:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an
error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'GROUP(
GROUP_NAME ) values ('Hockey')' at line 1
I have searched about such problems but couldn't find a proper solution.
GROUP is a reserved word in MySQL.
Most of the reserved words in the table are forbidden by standard SQL as column or table names (for example, GROUP).
Preferably, you wouldn't use reserved words as identifiers at all, for exactly this reason. If you absolutely must, then use backticks ` to quote reserved words, as described in Section 9.2.1 of the MySQL Reference Manual.
You can't use GROUP as a name in MySQL unless it's enclosed in backticks:
INSERT INTO `group` (GROUP_NAME) VALUES (?)
So I am using SQL with phpMyAdmin. Now I want to make an update to my database with a prepared statement but doind it gives me the following error:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'autor='Lol' WHERE id=44' at line 1
And this is how my statement looks like:
command = connection.prepareStatement("UPDATE books SET name=? author=? WHERE id=?");
command.setString(1, name.getText());
command.setString(2, author.getText());
command.setInt(3, IDx);
command.execute();
Wat is wrong with the statement I have made? It should be working In my opinion.
You need to separate the updated fields in a comma like:
command = connection.prepareStatement("UPDATE books SET name=?, author=? WHERE id=?");
You forgot a comma before author
UPDATE books
SET name = ?, author = ?
WHERE id = ?
I have problems running this sql statement. It works fine if I run it in mysql but in java I get this error:
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '' at line 1
The database has an id(pk) autogenerated, varchar, int, varchar;
Can someone help me?
int i = statement.executeUpdate("INSERT INTO sala values('','"+ nume.getText() + "', "+ Integer.parseInt(capacitate.getText())+ ", '" + sunet.getText()+"'");
Don't just try to fix this code by tweaking the SQL as per adarshr's answer. You have a fundamental security problem here which you should fix right now. You're open to SQL injection attacks due to including user data directly in your SQL.
You should use a PreparedStatement, with the parameters declared as placeholders in the SQL, but then given values separately. Exactly how you'll do that will depend on your JDBC provider, but it'll look something like this:
// TODO: Fix the column names, and close the statement in a try/finally block
PreparedStatement pst = conn.prepareStatement(
"INSERT INTO sala (nume, capacitate, sunet) VALUES (?, ?, ?)");
pst.setString(1, nume.getText());
pst.setInt(2, Integer.parseInt(capacitate.getText()));
pst.setString(3, sunet.getText());
pst.executeUpdate();
Note that if you can get capacite in a way which doesn't require integer parsing, that would be good. Otherwise, consider using NumberFormat which is more locale-friendly. Also note that I've added the column names into the SQL to make this more robust in the face of schema changes.
You haven't closed your query.
int i = statement.executeUpdate("INSERT INTO sala values('','"+ nume.getText() + "', "+ Integer.parseInt(capacitate.getText())+ ", '" + sunet.getText()+"')");
^
But more than all this, you must use PreparedStatement as Jon suggested below.