Hi guys

I have been attempting to get my software to create new records in my database. For some reason something that should be simple is telling me my syntax is wrong on this line

String ex = "INSERT INTO `client_net_score`.`brands` (`id`, `brand`) VALUES (NULL, '"+bra+"');";

so the string ends up like this INSERT INTO `client_net_score`.`brands` (`id`, `brand`) VALUES (NULL, 'tom');

that looks right to me but i keep getting the following error

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'tom' at line 1

Has anyone got any idea where i am going wrong here ?

Do not cobble together statements like this unless you want to allow SQL injection attacks to succeed or want seemingly "random" SQL syntax errors due to invalid characters. See PreparedStatement.

Hi thanks for your response I did as you said and changed it to a prepared statement and hey presto errors have gone , so thanks for that

This question has already been answered. Start a new discussion instead.