CODEWITHSUNDEEP
javamysqljspjdbc
Kuges
Kuges

Reputation: 11

jsp mysql inserting error

this is y inserting syntax 

String add="INSERT INTO time_table VALUES("+coursename+"','"+coursecode+"','"+days+"','"+year+"','"+dep+"','"+time+"','"+hall+"','"+lecturer+"','"+credithours+"')";

ERROR

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: 
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '','5','2','2','8','1','9','PA','2')' at line 1

that is what am receiving as an error.

Upvotes: 1

Views: 88

Answers (2)

Youcef LAIDANI
Youcef LAIDANI

Reputation: 60046

Don't ever use this way, it can cause Syntax error, ot SQL Injection, you have to use PreparedStatement instead for example :

String add = "INSERT INTO time_table VALUES(?, ?, ?, ?, ?,?,?,?,?)";

try (PreparedStatement insert = connection.prepareStatement(add)) {

    insert.setString(1, coursename);
    insert.setString(2, coursecode);
    insert.setString(3, days);
    insert.setString(4, year);
    insert.setString(5, dep);
    insert.setString(6, time);
    insert.setString(7, hall);
    insert.setString(8, lecturer);
    insert.setString(9, credithours);

    insert.executeUpdate();
}

Note if your attributes are int or float or date or ... in your table, then you have to use the correct set, for example if the year is an in you can use insert.setInt(4, year); instead.

Your real problem is in your query you miss ' here :

INSERT INTO time_table VALUES('" + coursename + "'
//----------------------------^

Upvotes: 2

Talha Kanyılmaz
Talha Kanyılmaz

Reputation: 76

I think correct version of your query is this :

"INSERT INTO time_table VALUES('"+coursename+"','"+coursecode+"','"+days+"','"+year+"','"+dep+"','"+time+"','"+hall+"','"+lecturer+"','"+credithours+"')";

you forgot ' in beginning of +coursename+

Upvotes: 3

Related Questions