Develop Reference

Syntax error in delete statement

I am trying to delete the record from my "student" table, the table has two column rollno and student name.
I am using a PreparedStatement but I am getting some error. I could not understand the error. The error is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?' at line 1
here is my code
String query = "delete from student where rollno = ?";
PreparedStatement pst = con.prepareStatement(query);
pst.setInt(1, 7);
pst.executeUpdate(query);

Likely you are calling the execute like this:
pst.executeUpdate(query);
This will execute the raw query, without the parameter you set before.
You want to execute the prepared query instead, so just use:
pst.executeUpdate();

mysql preparedStatement : sql query

I have a preparedStatement for select query in mySQL.
this is what I wrote:
String sQuery = "SELECT Password FROM test WHERE Email = ?";
st = DB.prepareStatement(sQuery);
st.setString(1, email);
ResultSet rs = st.executeQuery(sQuery);
but i'm getting an exception from the glassfish server that says:
Severe: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException:
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '?' at line 1
I don't understand what is the problem.. all the samples i saw, use that syntax..

You must call st.executeQuery(), without the query as argument. The query has already been passed to the statement when it was prepared.
See http://docs.oracle.com/javase/7/docs/api/java/sql/PreparedStatement.html#executeQuery%28%29

st.executeQuery() i.e. no param to executeQuery

Update command with special SQL keywords in JDBC

I am trying a update an entry in my SQL table which has a column name "from" in JDBC.
Following is the SQL command that I am trying to execute:
sql = "Update email_template set [from]="+"'"+3+"'"+" WHERE id="+idno;
stmt.executeUpdate(sql);
However it shows the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[from]='Akshit' WHERE id=1' at line

MySQL's way of escaping column names is by using backticks:
sql = "Update email_template set `from`="+"'"+3+"'"+" WHERE id="+idno;

I recommend using java.sql.PreparedStatement when handling SQL in Java. It can be used for batches and ensures malicious SQL is not injected as part of the SQL code.
This is how your code looks with a PreparedStatement:
PreparedStatement stmt = connection.prepareStatement("UPDATE `email_template` SET `from` = ? WHERE id = ?");
stmt.setInt(1, 3);
stmt.setInt(2, idno);
stmt.executeUpdate();
If this is an operation you execute for many rows in one go, replace stmt.executeUpdate() with stmt.addBatch() (likely in some loop) and when you're ready to execute the batched updates you call stmt.executeBatch().
Note that both executeUpdate() and executeBatch() return how many rows were affected; which is something you may want to validate after a commit.

A sql update query in java where column names are taken dynamically

In my java program i am altering every column of every row and it is in for loop. So the column name changes as the loop increments. Once the changes are made to the column, i want to update it in the database. I have written update query as below.
String query1="update test1.attendence set"+ colname +"= ? where id=?";
PreparedStatement pst=conn.prepareStatement(query1);
pst.setString(1, attchanged);
pst.setInt(2, rownum);
int result=pst.executeUpdate();
here colname is a variable which contains the name of the column.
attchanged is the column value after altering it.
rownum is the id attribute of the row
When i execute it i am getting error in syntax.
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your
SQL syntax; check the manual that corresponds to your MySQL server version for the
right syntax to use near '= null where id=2' at line 1
Can you tell me the correct syntax to be written here.

looks like you need a space between set and colname
String query1="update test1.attendence set "+ colname +"= ? where id=?";
PreparedStatement pst=conn.prepareStatement(query1);
pst.setString(1, attchanged);
pst.setInt(2, rownum);
int result=pst.executeUpdate();
make sure colname is seriously input validated or super safe to use so you dont open yourself up to sql injections

It looks like your attchanged is null. I would use a debugger to find the mistake.

tried to use the correct format.
String query1=("update test1.attendence set= ? where...");

issue in query with preparedstatement in java with mysql

in query "_latin" is getting concatenated before every param
java code :
PreparedStatement prepStmt = null;
QueryString = "SELECT FROM Student WHERE username=? AND password=? ";
prepStmt=con.prepareStatement(QueryString);
prepStmt.setString(1,un);
prepStmt.setString(2,pwd);
ResultSet rs;
System.out.println(prepStmt);
rs = prepStmt.executeQuery();
error :
java.sql.SQLException: [MySQL][ODBC 5.1 Driver][mysqld-5.5.24-log]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM Student WHERE username=_latin1'wow' AND password=_latin1'hell'' at line 1
why its happening , whats the solution
and this is table :

You are missing the column list from your query. You have to either specify explicitly the columns you want, or retrieve all via wildcard. Instead of:
SELECT FROM Student WHERE username = ? AND password = ?
You want something like:
SELECT * FROM Student WHERE username = ? AND password = ?
Note that its almost always better to explicitly define the columns you want to retrieve, rather than using the wildcard expression.