String sql = "update Products set ProductName = ?, where ID = ? ";
try{
pst = conn.prepareStatement(sql);
pst.setString(1, Product.getText());
pst.setString(2, ID.getText());
pst.executeUpdate();
JOptionPane.showMessageDialog(null, "Success");
UpdateJTable();
}
catch(Exception e){
JOptionPane.showMessageDialog(null, e);
}
Please Again Help me Out of this error. why there's an error on my code.? I follow all the instruction on youtube, but i makes an error. i used 6.9 netbeans.
You added a comma at SQL statement which is not valid.
String sql = "update Products set ProductName = ?, where ID = ? ";
|-remove this comma
Related
When I click on the Create button to add a supplier record in to my database, I receive the above error message.
Can someone help me where did I went wrong: is there something wrong with the insert statement.
private void jbtnCreateActionPerformed(java.awt.event.ActionEvent evt) {
try {
String sql = "INSERT INTO supplier"
+"(Full Name, Address Line 1, Address Line 2, Post Code, Email Address, Phone Number)"
+"VALUES (?,?,?,?,?,?)";
connection = DriverManager.getConnection("jdbc:mysql://localhost/inventory management", "root", "");
ps = connection.prepareStatement(sql);
ps.setString(1, txtname.getText());
ps.setString(2, txtaddressline1.getText());
ps.setString(3, txtaddressline2.getText());
ps.setString(4, txtpostcode.getText());
ps.setString(5, txtemail.getText());
ps.setString(6, txtphone.getText());
ps.executeUpdate();
JOptionPane.showMessageDialog(null, "Supplier Added");
} catch(SQLException | HeadlessException ex) {
JOptionPane.showMessageDialog(null, ex);
}
}
You have whitespaces in the column names (as well as in the connection string) which is not allowed. If you really need to use column names with spaces, put them in backticks:
String sql = "INSERT INTO supplier"
+"(`Full Name`, `Address Line 1`, `Address Line 2`, `Post Code`, `Email Address`, `Phone Number`)"
+"VALUES (?,?,?,?,?,?)";
However, it would be better to use snake case for the column names: full_name, etc.
I have been trying to add values to a table named bill_items and this is the coding for the button "add to cart" but it shows and error saying "Unknown column Jacket in field list. What is wrong in this coding?
try {
rs = stmt.executeQuery("select * from mens_wear where Item_code = 1090;");
while(rs.next()){
icode = rs.getInt("Item_code");
p = rs.getInt("Price");
bname = rs.getString("Brand_Name");
iname = rs.getString("Item_Name");
t = rs.getString("Type");
}
rs.close();
stmt.close();
con.close();
} catch(Exception e)
{JOptionPane.showMessageDialog(null,e.getMessage());}
try {
Class.forName("java.sql.Driver");
con = DriverManager.getConnection("jdbc:mysql://localhost/aashita","root","1510");
stmt = con.createStatement();
int a = stmt.executeUpdate("insert into bill_items values('"+icode+"','"+t+"','"+bname+"','"+iname+"','"+p+"');");
JOptionPane.showMessageDialog(null,"Added Successfully");
} catch(Exception e) {
JOptionPane.showMessageDialog(null,e.getMessage());
}
}
It is a bad practice to not specify column names in an insert and depend on table column order. There could also be an issue with escaping of your query string if any of your values contain quotes. I would try adding the column names and using a prepared statement with parameters.
string updateText = "insert into bill_items (Item_code, Type, Brand_Name, Item_Name, Price) ";
updateText += "values (?, ?, ?, ?, ?)";
PreparedStatement stmt = con.prepareStatement(updateText);
stmt.setInt(1, icode);
stmt.setString(2, t);
stmt.setString(3, bname);
stmt.setString(4, iname);
stmt.setInt(5, p);
int a = stmt.executeUpdate();
Currently making a java program that grabs data off of a MSAccess Database and some of these errors are extremely frustrating. I keep getting this SQL.Exception : Too few parameters. Expected 1 error on the last remaining bugs in this program.
Little background on the db: It has 3 tables (A player table (11 columns), a team table (3 columns), and an Opponent table (6 columns).
These are both of the functions and I am fairly certain the problem lies in here somewhere
conn = Connect.ConnectDB();
String sql = "insert into Player ("+"PlayerLastName,"+"PlayerFirstName,"+"Position)"+ "values("+txtid.getText()+ ",'"+txtname.getText()+"','"+txtaddress.getText()+"')" ;
try{
pst = conn.prepareStatement(sql);
pst.executeQuery();
pst.setString(1, txtid.getText());
pst.setString(2, txtname.getText());
pst.setString(3, txtaddress.getText());
JOptionPane.showMessageDialog(null, txtid.getText() + " Saved");
UpdateJTable();
//conn.close();
}
catch(Exception e){
JOptionPane.showMessageDialog(null, e);
}
or this function
String sql = "select * from Player where PlayerLastName = " +txtid.getText()+ "";
String pine = null;
try{
pst = conn.prepareStatement(sql);
ResultSet res;
res = pst.executeQuery();
pine.equalsIgnoreCase(jTable1.getModel().getValueAt(rowsu, 10).toString());
while(res.next()){
JOptionPane.showMessageDialog(null, txtname + " " + txtid.getText() + " has a total of " +"4");//+ pine);//res.getInt("Penalties") );
}
UpdateJTable();
}
catch(Exception e){
JOptionPane.showMessageDialog(null, e);
}
For one thing, it looks like you're missing single quotes around the last name in the insert statement.
There may be other errors as well, that's just the first thing I noticed.
This should be pretty easy to debug if you just log the sql string before executing it.
EDIT
I think your calls to setString() are also a problem. Here is how you should do this:
conn = Connect.ConnectDB();
String sql = "insert into Player (PlayerLastName, PlayerFirstName, Position) values(?, ?, ?)";
try{
pst = conn.prepareStatement(sql);
pst.setString(1, txtid.getText());
pst.setString(2, txtname.getText());
pst.setString(3, txtaddress.getText());
pst.execute();
JOptionPane.showMessageDialog(null, txtid.getText() + " Saved");
UpdateJTable();
//conn.close();
}
catch(Exception e){
JOptionPane.showMessageDialog(null, e);
}
I am trying to insert data a user enters into a jtextfield into an msaccess database. When I try to execute my sql statement I get an error stating Syntax error in INSERT INTO statement.
I checked my sql statement and tried a few different things but cannot seem to find any kind of syntax error.
conn = Connect.ConnectDB();
String sql = "insert into Team ("
+"TeamID,"
+"TeamCity,"
+"TeamMascot,"
+ "values("+txtid.getText()+ ",'"+txtname.getText()+"','"+txtaddress.getText()+"')" ;
try{
pst = conn.prepareStatement(sql);
pst.execute();
JOptionPane.showMessageDialog(null, "Entry " + txtid.getText() + " Saved");
UpdateJTable();
//conn.close();
}
catch(Exception e){
JOptionPane.showMessageDialog(null, e);
}
The error is the extra comma and no closing parenthesis before the keyword values
String sql = "insert into Team ("
+"TeamID,"
+"TeamCity,"
+"TeamMascot," // <<== HERE, change comma into closing parenthesis
By the way, your statement is vulnerable with SQL Injection. You can avoid it if you parameterized the values. Eg,
String sql = "insert into Team (TeamID,TeamCity,TeamMascot) values (?, ?, ?, ?)"
pst = conn.prepareStatement(sql);
pst.setString(1, txtid.getText());
pst.setString(2, txtname.getText());
pst.setString(3, txtaddress.getText());
PreparedStatement
So far I have been able to insert data into my SQL table only when i declare values inside the executedUpdate statement. What I wanted to know if there is a way that I can pass those values as variables that I will declare as parameters in the executing method like so:
public void updateSQL(String name, String dnsName, String ipV4, String ipV6, int statusCode)
{
try
{
Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
Connection connection = DriverManager.getConnection("jdbc:sqlserver://servername;database=databasename;integratedSecurity=true");
System.out.println("Database Name: " + connection.getMetaData().getDatabaseProductName());
Statement statement = connection.createStatement();
statement.executeUpdate("INSERT INTO ComputerStatus(Name, DNSName, IPAddressV4, IPAddressV6, StatusCodeID)" + "VALUES(#Name, #DNSName, #IPAddressV4, #IPAddressV6, #StatusCodeID)");
System.out.println("Data Inserted");
ResultSet resultSet = statement.executeQuery("SELECT Name FROM ComputerStatus");
while(resultSet.next())
{
System.out.println("Computer Name: " + resultSet.getString("Name"));
}
connection.close();
}
catch (Exception e)
{
e.printStackTrace();
System.err.println("Problem Connecting!");
}
}
I've tried couple of different things but no luck so far. Anyone know if this can be done?
You may use PreparedStatement instead of Statement.
PreparedStatement stmt = connection.prepareStatement("insert into test (firstname, lastname) values (?, ?");
stmt.setString(1, name);
stmt.setString(2, lname);
stmt.executeUpdate();
Using this way, you prevent SQL injection.
Have a look here :
PreparedStatement prep = conn.prepareStatement("INSERT INTO ComputerStatus(Name, DNSName, IPAddressV4, IPAddressV6, StatusCodeID) VALUES(?, ?, ?, ?, ?)");
prep.setString(1, name);
prep.setString(2, dnsName);
prep.setString(3, ipV4name);
prep.setString(4, ipV6);
prep.setInt(5, statusCode);
prep.executeUpdate();
this will help you understand.