0

Good night everyone. I have these codes. I only copied here the codes which have the problem.

//This is my main method. I called my Database.class, made the connection and called the insertnewcustomer method.

public static void main(String[] args) {
    Database db = new Database();
    db.connectDB();
    db.insertNewCustomer(86754312, "arda", "zenci", 55418, 400);
.................//

//and here is my insertNewCustomer method which is inside the Database.class

public void insertNewCustomer(int num, String name, String surname, int phone, int debt){
    try {
        statement.executeUpdate("INSERT INTO Customer(customer_cardno, customer_name, customer_sirname, customer_phone, debt) VALUES(" + num + ", " + name  + ", " + surname + ", " + phone + ", " + debt + ")");
    } catch (SQLException e) {
        e.printStackTrace();
    }}

I cannot see any problems but I have a MySQLSyntaxErrorException

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'arda' in 'field list'
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
at com.mysql.jdbc.Util.getInstance(Util.java:386)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1054)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4187)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4119)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2570)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2731)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2809)
at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1811)
at com.mysql.jdbc.StatementImpl.executeUpdate(StatementImpl.java:1725)
at Database.insertNewCustomer(Database.java:39)
at mainFrame.main(mainFrame.java:50)
Improve this question

2 Answers 2

Reset to default
1

This is happening because you need to surround variables which are not integers with quotes, otherwise database would understand them as column, simply add quotes in not integers column, such as

statement.executeUpdate("INSERT INTO Customer(customer_cardno, customer_name, customer_sirname, customer_phone, debt) VALUES(" + num + ", '" + name  + "', '" + surname + "', " + phone + ", " + debt + ")");

I assumed customer_cardno, customer_phone, debt being i tegers columns, if they are nit just surround variabkes with quotes

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Two things:

First, SQL Injection risk. I suggest you take a look on Prepared Statements: http://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html

Now, if you insist in building the query string like that, you should enclose the String values you are inserting in quotes:

statement.executeUpdate("INSERT INTO Customer " + 
    (customer_cardno, customer_name, customer_sirname, customer_phone, debt) " + 
    VALUES(" + num + ", '" + name  + "', '" + surname + "', '" + phone + "', " + debt + ")");
/*
 * Notice the single quotes arround "name", "surname" and "phone"
 */
Improve this answer

2 Comments

Thanks, before you answer, I had found. =) Thanks again.
@ArdaOğulÜçpınar Anyway, please read the link I provided to you. Your code is vulnerable to SQL injection. Prepared statements can save you a lot of pain (and they are quite easy to use)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.