Sayantan Chandra

Reputation: 79

SQL command not properly ended error

This is my code to update student attendance. But during execution this method returns SQL COMMAND NOT PROPERLY ENDED ERROR.

private void updateAttendance(){
        MyQuery mq=new MyQuery();
        Connection con=mq.getConnection();
        Statement st;
        ResultSet rs;
        try{
            st=con.createStatement();
            rs=st.executeQuery("Select STU_ID FROM STUDENT WHERE NAME='"+cmbName.getSelectedItem()+"'");
            if(rs.next()){
                //System.out.println("getting student name");
                int id=rs.getInt("STU_ID");
                String sql="UPDATE STUDENT SET SUBJECT='"+cmbSub.getSelectedItem()+"',ATTENDANCE='";
                //sql+="ATTENDANCE='"+"";
                if(rdbtnPresent.isSelected())
                    sql+= "'"+Atdnc[0]+"',";
                else
                    sql+= "'"+Atdnc[1]+"',";
                sql+="WHERE STU_ID='"+id+"'";
              st.executeUpdate(sql);
                //cmbName.removeAllItems();
            }

        }catch(SQLException ex){
            Logger.getLogger(Student.class.getName()).log(Level.SEVERE, null, ex);
        }

    }

Upvotes: 0

Views: 149

Answers (2)

Sachu

Reputation: 7766

In the update statement, single quotes are used two times; remove ' from ATTENDANCE='";

Try below:

String sql="UPDATE STUDENT SET SUBJECT='"+cmbSub.getSelectedItem()+"',ATTENDANCE=";
if(rdbtnPresent.isSelected())
   sql+= "'"+Atdnc[0]+"'";
else
   sql+= "'"+Atdnc[1]+"'";
sql+="WHERE STU_ID='"+id+"'";

I strongly recommend using a parameterized query to avoid SQL injection.

Upvotes: 0
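
The parameterized form recommended in the answer above, as an added example (not code from the question or from either answer). It keeps the question's table and column names; the class name `AttendanceUpdater`, the command-line JDBC URL and credentials, the sample values, and a numeric `STU_ID` are assumptions, and a JDBC driver for the database must be on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class AttendanceUpdater {

    /**
     * Looks up the student by name, then updates SUBJECT and ATTENDANCE.
     * Returns the number of rows updated (0 if no student has that name).
     */
    static int updateAttendance(Connection con, String name,
                                String subject, String attendance) throws SQLException {
        // The SQL text is constant: no quotes, commas or spaces are assembled at run time.
        String select = "SELECT STU_ID FROM STUDENT WHERE NAME = ?";
        String update = "UPDATE STUDENT SET SUBJECT = ?, ATTENDANCE = ? WHERE STU_ID = ?";
        try (PreparedStatement find = con.prepareStatement(select)) {
            find.setString(1, name); // bound as data; a quote in the name cannot end the literal
            try (ResultSet rs = find.executeQuery()) {
                if (!rs.next()) {
                    return 0;
                }
                int id = rs.getInt("STU_ID");
                try (PreparedStatement upd = con.prepareStatement(update)) {
                    upd.setString(1, subject);
                    upd.setString(2, attendance);
                    upd.setInt(3, id); // assumption: STU_ID is a numeric column
                    return upd.executeUpdate();
                }
            }
        }
    }

    // Usage: java AttendanceUpdater <jdbc-url> <user> <password>
    public static void main(String[] args) throws SQLException {
        try (Connection con = DriverManager.getConnection(args[0], args[1], args[2])) {
            // Constructed sample values; the apostrophe would break the concatenated statement.
            int rows = updateAttendance(con, "Mary O'Brien", "Maths", "P");
            System.out.println(rows + " row(s) updated");
        }
    }
}
```

Because the statement text never changes, the quoting and comma mistakes behind the "not properly ended" error cannot occur, and values from the combo boxes are never parsed as SQL.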

Enjy

Reputation: 255

Remove the quote (') from ATTENDANCE='";

Remove comma after Atdnc[0] and Atdnc[1] because your code puts a comma before where clause.

If stud_id is a number, then you should not set id with a quote ('). Make sure there is a space before where. An example (you can print your sql to see restitution):

String sql="UPDATE STUDENT SET SUBJECT='"+cmbSub.getSelectedItem()+"', ATTENDANCE=";
if(rdbtnPresent.isSelected())
   sql+= "'"+Atdnc[0]+"'";
else
   sql+= "'"+Atdnc[1]+"'";
sql+=" WHERE STU_ID="+id;

Upvotes: 1
