0

I am trying to create a java query to insert to MySQl but i keep getting errors. please see the code below. PS the connection to the DB is fine.

here is the query that is being called

public String newEmpInsert() {
 return newEmpInsert;
}
private String newEmpInsert = "INSERT INTO empInfo"
 + "(firstName, lastName, SSN, address, salary, pin, empLevel, contactInfo) "
 + "VALUES ("+firstName+", "+lastName+", "+SSN+", "+address+", "+salary+", "+pin+","+empLevel+", "+contactInfo+")";

here is the handler that is being called from the main 

 public void newEmpInsert() {
 // SQL Connection
 Connection conn = null;
 try {
 conn = MySQL_connection_test.getConnection();
 // Create a statement
 Statement statement = conn.createStatement();
 statement.executeQuery(queries.newEmpInsert());
 } 
 catch (SQLException e) {
 // TODO Auto-generated catch block
 //e.printStackTrace();
 System.out.println("--------->>Invalid query!!!!<<--------------");
 System.out.println("Your query has an error, please try again!!");
 }
 // Close the connection
 finally {
 try {
 conn.close();
 System.out.println("Database closed");
 } 
 catch (SQLException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 }
 System.out.println("Database closed");
 }
}

every time i run a query i am getting the invalid query catch. the variables are being set properly within the class and everything.

asked Apr 24, 2014 at 2:05
1
  • 1
    Look at the exception. Try adding System.out.printnl(e.getMesasge()). The exceptions almost always include very relevant information. Commented Apr 24, 2014 at 2:09

4 Answers 4

1

Your issue here cause you build wrong sql statement. As i look on your code you missing single quote on text field. Also your approach build Statement not good, it is easy get failure with special character like ' or " and expose for sql inject attach. Try using prepare statement and bind parameters.

answered Apr 24, 2014 at 2:12
Sign up to request clarification or add additional context in comments.

Comments

1

Please change third row as VALUES and try to wrap your string values with single quotes.

private String newEmpInsert = "INSERT INTO empInfo"
+ "(firstName, lastName, SSN, address, salary, pin, empLevel, contactInfo) "
+ " VALUES ("+firstName+", "+lastName+", "+SSN+", "+address+", "+salary+", "+pin+", 
+ "+empLevel+", "+contactInfo+")";
answered Apr 24, 2014 at 2:10

4 Comments

No, that's not the case. The string literals were not wrapped with single quotes. But that's not the preferred way as it is vulnerable with sql injection. Parameterizing the values would be the best idea.
i had the string literals wrapped in single quotes as well at first just to try different things but that didnt have any effect on the result
Did you try by changing as VALUES
For MySQL, VALUE and VALUES are interchangeable.
0

You need to remove the + from the quoted string at the end of the third line and the beginning of the fourth line:

private String newEmpInsert = "INSERT INTO empInfo"
+ "(firstName, lastName, SSN, address, salary, pin, empLevel, contactInfo) "
+ "VALUE ("+firstName+", "+lastName+", "+SSN+", "+address+", "+salary+", "+pin+", "
 // added close quote at the end of the above line
+empLevel+", "+contactInfo+")";
 // plus sign and quote deleted at beginning of above line
answered Apr 24, 2014 at 2:18

Comments

0 
private String newEmpInsert = "INSERT INTO empInfo"
 + "(firstName, lastName, SSN, address, salary, pin, empLevel, contactInfo) "
 + "VALUES ("+firstName+", "+lastName+", "+SSN+", "+address+", "+salary+", 
"+pin+","+empLevel+", "+contactInfo")";
answered Jul 6, 2021 at 7:46

1 Comment

Your answer is the same as this one by Anura Adhikari, but with less explanation.

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.