
I am using a Java Swing application to update a column in a MySQL table. Here is my code (part):

String qunty = txtWithdraw.getText();
String partno = txtNo.getText();
int qty = Integer.parseInt(qunty);
con = DriverManager.getConnection(url + db, "username", "password");
Statement st = con.createStatement();
String sell = "update Store_info_table set qnty_received = qnty_received - " + qty +      "where Part_number = '" + partno + "'";
st.executeUpdate(sell);

I am getting this exception:

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Part_number = 'DF6534'' at line 1

I want to update the qnty_received field so that it is equal to the original value minus the value passed by the user, i.e. (int qty). What error am I making?

  • You can print out sell and see the actual SQL that you are trying to run. Easy to debug. Commented Aug 21, 2012 at 14:24

2 Answers


Add a space before the where:

 " where Part_number = '" + partno + "'";

As a good practice, I recommend that you use PreparedStatement and set your parameters with it. Concatenating the parameters dynamically may force the db engine to parse a new SQL statement every time.

A SQL statement is precompiled and stored in a PreparedStatement object. This object can then be used to efficiently execute this statement multiple times.

See: PreparedStatement


2 Comments

Oh, I am surprised I did not see that. Thank you guys for the insight. You are right. I must have missed that. I almost racked my brains checking where the error was.
Not sure how or where this code is used, but as davidmontoyago suggests you should use PreparedStatement. If this code gets qty or partno from an outside source such as a web form you are exposing yourself to a SQL injection attack. en.wikipedia.org/wiki/SQL_injection I just noticed it's a Swing app. Still a vulnerability.
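A parameterized version of the update from the question, added here as an example (it is not the answerer's code). It keeps the table and column names from the question and assumes a local MySQL JDBC URL and a hypothetical withdraw helper; because the SQL text is a fixed string with placeholders, the missing-space bug cannot occur and values such as a part number containing a quote are bound as data rather than spliced into the statement.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class StoreUpdate {
    // Fixed SQL text: the two '?' placeholders take the values at execution
    // time, so there is no string concatenation and no space to forget before WHERE.
    private static final String SELL_SQL =
        "UPDATE Store_info_table SET qnty_received = qnty_received - ? "
      + "WHERE Part_number = ?";

    /** Subtracts qty from the stock of partno and returns the number of rows updated. */
    public static int withdraw(Connection con, String partno, int qty) throws SQLException {
        if (qty <= 0) {
            throw new IllegalArgumentException("quantity must be positive: " + qty);
        }
        try (PreparedStatement ps = con.prepareStatement(SELL_SQL)) {
            ps.setInt(1, qty);        // bound as an integer, never inserted into the SQL text
            ps.setString(2, partno);  // quotes or SQL keywords in partno stay plain data
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumed connection details; replace with the application's own url + db.
        String url = "jdbc:mysql://localhost:3306/store_db";
        // Values that the Swing app would read from txtWithdraw / txtNo; constructed here.
        String qunty = "5";
        String partno = "DF6534";
        int qty;
        try {
            qty = Integer.parseInt(qunty.trim());
        } catch (NumberFormatException e) {
            System.out.println("Quantity is not a whole number: " + qunty);
            return;
        }
        try (Connection con = DriverManager.getConnection(url, "username", "password")) {
            int rows = withdraw(con, partno, qty);
            if (rows == 0) {
                System.out.println("No row with part number " + partno + "; nothing withdrawn.");
            } else {
                System.out.println("Updated " + rows + " row(s).");
            }
        }
    }
}
```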

Missing space:

... + qty +      "where ...
                  ^--- here

which makes your query something like

... qnty_received - blahwhere

