0 
PreparedStatement posted = con.prepareStatement(
 "INSERT INTO userdate (description, UUID) VALUES ('"+ desc + "','" + postuuid + "') ON DUPLICATE KEY UPDATE");

this is the error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' this is the code I have, does anyone know waht might be wrong with this?

Mark Rotteveel
110k241 gold badges160 silver badges233 bronze badges
asked Apr 20, 2021 at 1:48
1
  • 1
    Do not concatenate values into a query string, it makes your code vulnerable to SQL injection. You need to properly parametrize your query by using parameters (?) instead of values. Commented Apr 21, 2021 at 7:54

1 Answer 1

1

Check on MySQL docs for reference on DUPLICATE KEY UPDATE https://dev.mysql.com/doc/refman/8.0/en/insert-on-duplicate.html

The keyword "UPDATE" is not the absolute end of the statement. You need to specify the fields/values that will be updated

answered Apr 20, 2021 at 1:55
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you this helped. This is my new code: PreparedStatement posted = con.prepareStatement("INSERT INTO userdata(description, UUID) VALUES ('"+desc+"', '"+postuuid+"') ON DUPLICATE KEY UPDATE description='"+ desc +"'");

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.