0
     Class.forName("com.mysql.jdbc.Driver");
     Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/test",
     "root", "mysecret");
     System.out.println("Connected to Database");
     Statement stmt1 = conn.createStatement();
     ResultSet rs1=null;
     String sql="insert into id values('"+name+"',12,+fs+,+se+,+th+,+ft+,+f+,+si+,+sv+,+ei+)";
     System.out.println("sql:"+sql);
     stmt1.executeUpdate(sql);     

The name variable is taken care of in the definition part, not included here. The output is:

     sql:insert into id values('Golum',12,+fs+,+se+,+th+,+ft+,+f+,+si+,+sv+,+ei+);

It also says error in SQL syntax, which refers to the variables fs, se, th, ft, f, si, sv and ei. Basically I am trying to pass integers to a MySQL database using variables. The definition of these variables is as such:

    int fs = x21;
    int se = y21;

x21 and y21 store mouse click co-ordinates x and y respectively. The code below shows that the co-ordinates are passed correctly. The error is in SQL syntax. I want to know what is the correct syntax for passing integers to a SQL database using this technique.

    System.out.println(fs);
0

3 Answers

3

You have a SQL error in your insert statement. I don't know why you have those + characters in your statement, but I'm guessing that you are attempting to concatenate the values into the statement. But in your attempt the + characters are part of the string. Try inserting double-quote characters to end and start the strings to concatenate together to form the insert statement:

    String sql="insert into id values('"+name+"',12, " +
        fs+","+se+","+th+","+ft+","+f+","+si+","+sv+","+ei+")";

Of course anytime you concatenate values that may be from the user into a SQL statement, you are vulnerable to SQL injection. If these are user values, then use a PreparedStatement with bind variables instead.


Comments
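
The `PreparedStatement` approach recommended in the answer above, as an added example that is not part of the original answer. It assumes the `id` table has exactly the ten columns implied by the question's insert and that MySQL Connector/J is on the classpath; the class name, the `DB_USER`/`DB_PASS` environment variables and the sample values are hypothetical.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class InsertClick {
    // One placeholder per value in the question's insert (assumed: 10 columns).
    private static final String INSERT_SQL =
        "insert into id values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";

    /** Binds the name and the eight click values; returns the affected row count. */
    static int insertRow(Connection conn, String name, int[] values) throws SQLException {
        if (values.length != 8) {
            throw new IllegalArgumentException("expected 8 integers, got " + values.length);
        }
        try (PreparedStatement ps = conn.prepareStatement(INSERT_SQL)) {
            ps.setString(1, name);   // sent as data, so quotes in it cannot alter the SQL
            ps.setInt(2, 12);        // the constant from the question's statement
            for (int i = 0; i < values.length; i++) {
                ps.setInt(3 + i, values[i]);  // fs, se, th, ft, f, si, sv, ei
            }
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // DB_USER / DB_PASS are hypothetical environment variable names,
        // used here instead of credentials hard-coded in the source.
        String url = "jdbc:mysql://localhost:3306/test";
        try (Connection conn = DriverManager.getConnection(
                url, System.getenv("DB_USER"), System.getenv("DB_PASS"))) {
            int[] clicks = {10, 20, 30, 40, 50, 60, 70, 80};  // constructed sample values
            // A name containing a quote would break the concatenated statement;
            // as a bound parameter it is stored verbatim.
            int rows = insertRow(conn, "O'Brien", clicks);
            System.out.println("rows inserted: " + rows);
        }
    }
}
```

Because the integers are bound with `setInt`, no string conversion or manual quoting is involved, which also removes the syntax problem from the question.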

0

You need to tell Java to convert your integer variables to strings. Change your sql assignment statement to:

    String sql="insert into id values('"
        + name + "',12," + fs + ", " + se + ","
        + th + "," + ft + "," + f + "," + si + "," + sv + "," + ei + ")";

Comments

0

Try this:

    String sql="insert into id values('"+name+"',12,"+fs +","+se+","+th+","+ft+","+f+","+si+","+sv+","+ei+")";

Your syntax for using vars in the string is wrong. The vars should be out of quotations.

Comments
