Hi guys

I have been attempting to get my software to create new records in my database. For some reason something that should be simple is telling me my syntax is wrong on this line

String ex = "INSERT INTO `client_net_score`.`brands` (`id`, `brand`) VALUES (NULL, '"+bra+"');";

so the string ends up like this INSERT INTO `client_net_score`.`brands` (`id`, `brand`) VALUES (NULL, 'tom');

that looks right to me but i keep getting the following error

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'tom' at line 1

Has anyone got any idea where i am going wrong here ?

Recommended Answers

All 2 Replies

Do not cobble together statements like this unless you want to allow SQL injection attacks to succeed or want seemingly "random" SQL syntax errors due to invalid characters. See PreparedStatement.

Hi thanks for your response I did as you said and changed it to a prepared statement and hey presto errors have gone , so thanks for that

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.