Hi guys

I have been attempting to get my software to create new records in my database. For some reason something that should be simple is telling me my syntax is wrong on this line

String ex = "INSERT INTO `client_net_score`.`brands` (`id`, `brand`) VALUES (NULL, '"+bra+"');";

so the string ends up like this INSERT INTO `client_net_score`.`brands` (`id`, `brand`) VALUES (NULL, 'tom');

that looks right to me but i keep getting the following error

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'tom' at line 1

Has anyone got any idea where i am going wrong here ?

7 Years
Discussion Span
Last Post by steveh000

Do not cobble together statements like this unless you want to allow SQL injection attacks to succeed or want seemingly "random" SQL syntax errors due to invalid characters. See PreparedStatement.

Edited by masijade: n/a


Hi thanks for your response I did as you said and changed it to a prepared statement and hey presto errors have gone , so thanks for that

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.