I am new to java and am trying to get used to the syntax and pushing data to a MySQL table. I am having this problem and can't figure what I have done wrong. When executing my update command it gives the following error.
java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''occupation' = 'cat' WHERE first_name = 'kevin' AND last_name = 'hudgens'' at line 1
at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:120)
at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
at com.mysql.cj.jdbc.ClientPreparedStatement.executeInternal(ClientPreparedStatement.java:953)
at com.mysql.cj.jdbc.ClientPreparedStatement.executeUpdateInternal(ClientPreparedStatement.java:1092)
at com.mysql.cj.jdbc.ClientPreparedStatement.executeUpdateInternal(ClientPreparedStatement.java:1040)
at com.mysql.cj.jdbc.ClientPreparedStatement.executeLargeUpdate(ClientPreparedStatement.java:1347)
at com.mysql.cj.jdbc.ClientPreparedStatement.executeUpdate(ClientPreparedStatement.java:1025)
at Driver.updateContact(Driver.java:172)
at Main.main(Main.java:119)
main file
System.out.println("Please enter the first name of the contact you want to update.");
first_name = input.nextLine();
System.out.println("Please enter the last name of the contact you want to update.");
last_name = input.nextLine();
System.out.println("Are you sure you want to update " + first_name + " " + last_name
+ "'s information. YES or NO");
String verifyUpdate = input.nextLine();
// lower for comparison
// verifyUpdate = verifyUpdate.toLowerCase();
if (verifyUpdate.equals("YES")) {
break;
} else if (verifyUpdate.equals("NO")) {
System.out.println(
"Please enter the correct first and last name of the contact you would like to update");
} else {
System.out.println("You didnt enter the correct answer. YES or NO");
}
}
// inform user what they can update
System.out.println("What would you like to update? Options are:"
+ "\nFIRST NAME \n LAST NAME \n PHONE NUMBER \n EMAIL \n OCCUPATION");
// Collect the choices
String updateColumnChoice = input.nextLine();
System.out.println("What would you like to update it to? ");
String updatedValue = input.nextLine();
driver.updateContact(first_name, last_name, updateColumnChoice, updatedValue);
here is the prepared statement
public static void updateContact(String first_name, String last_name, String updatedColumn,
String toBeUpdatedValue) {
try {
// Get connection to database
Connection myConn = DriverManager.getConnection(info);
// Create sql command for deleting
String query = "UPDATE contacts SET ? = '?' WHERE first_name = '?' AND last_name = '?' ";
PreparedStatement preparedStmt = myConn.prepareStatement(query);
preparedStmt.setString(1, updatedColumn);
preparedStmt.setString(2, toBeUpdatedValue);
preparedStmt.setString(3, first_name);
preparedStmt.setString(4, last_name);
// push prepared statement to the database
preparedStmt.executeUpdate();
// close the connection to the database
myConn.close();
} catch (Exception exc) {
exc.printStackTrace();
}
}
Any help on this would be greatly appreciated. Along with any general criticism on my code.
As far as I know, you can use PreparedStatement's parameters only for values, not for metadata. If you need updatedColumn to be dynamic, you can do this:
String query = "UPDATE contacts SET " + updatedColumn + " = '?' WHERE first_name = '?' AND last_name = '?' ";
Note that you will have to make sure that updatedColumn is properly quoted/escaped, especially if it's coming from user data (i.e. SQL injection attack).