0

I decided to add an "Add" button where Employee records are added to my Access Database, Employee table.

Whenever I clicked the "Add" button, an error message shows up saying "Syntax error in INSERT INTO statement". Can anybody help? Is there something wrong with my coding? Cause I really followed this video exactly, even though in the video, the person managed to successfully "Saved" the records to the database and I keep getting errors.

conn = Connect.ConnectDB();
        String sql = "insert into Employee ("
                +"Employee ID,"
                +"Employee Name,"
                +"Employee NICN,"
                +"Employee Gender,"
                +"Employee Contact Number,"
                +"Employee Department)"
                +"values("+txteid.getText()+ ",'"+txtename.getText()+"','"+txtenicn.getText()+"','"+txtegender.getText()+"','"+txtecnumber.getText()+"','"
                +txtedept.getText()+"')";
        try{
            pst = conn.prepareStatement(sql);
            pst.execute();
            JOptionPane.showMessageDialog(null, "Added");

        }catch(Exception e){
            JOptionPane.showMessageDialog(null, e);
        }
Improve this question
5
  • this is the video, that i referred to: youtube.com/watch?v=sqXtWlzwKM4 Commented Jun 7, 2014 at 8:16
  • 1
    Given that this code is vulnerable to SQL injection attacks, I would strongly advise you to find a different source of information. Commented Jun 7, 2014 at 8:17
  • 2
    Looking at the video, the author doesn't appear to follow Java naming conventions, either. I strongly advise that you read a decent book or tutorial on JDBC rather than learning anything from this. Commented Jun 7, 2014 at 8:18
  • Can you printout the sql-string and try it in a console? Commented Jun 7, 2014 at 8:20
  • Sure there was no underscore instead of space in the column names? Employee_ID etc, Commented Jun 7, 2014 at 8:33

1 Answer 1

Reset to default
1

You use prepared statement so you must work with parameter

   conn = getConnection();
   String sql = "insert into Employee ("
                +"Employee ID,"
                +"Employee Name,"
                +"Employee NICN,"
                +"Employee Gender,"
                +"Employee Contact Number,"
                +"Employee Department)"
                +"values(?,?,?,?,?,?)";

And then set the parameter:

      pstmt.setInt(1, txteid.getText()); // set input parameter 1
      pstmt.setString(2, txtename.getText()); // set input parameter 2
 ...
      pstmt.executeUpdate(); // execute insert statement
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Column names that contain spaces will also have to be enclosed in square brackets, e.g., [Employee ID].

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.