I am trying to UPDATE an entry in MySQL. The structure of the table is table_rankings (ip text, field text, rank double), where ip is a user's IP address, field is an object being ranked, and rank is the numerical rank of a field. My statement is:
//String for query
String query = "UPDATE "+catagory+"_rankings SET rank = ? WHERE ip = ? AND field = ? )";
PreparedStatement ps = conn.prepareStatement(query);
//fill ? variables
ps.setDouble(1, r[i]);
ps.setString(2, user);
ps.setString(3, s[i]);
ps.executeUpdate();
In this code catagory refers to a given table, for instance baseball_rankings or basketball_rankings. The error I am receiving is:
SQLException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1
SQLState: 42000
VendorError: 1064
Is the issue that I cannot use WHERE as well as AND in an UPDATE statement? I am also curious if my update is subject to a SQL injection attack because I am using catagory+"_rankings". I have tried to use a ? variable; however, it results in another error.
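
An added example, not part of the original post: JDBC `?` placeholders bind values, not identifiers, so the table name has to be concatenated, and checking it against a fixed allow-list keeps that concatenation from carrying attacker-controlled SQL. The class name, the `CATEGORIES` set and the method names are assumptions made for illustration; the query also omits the trailing `)` that the error message points at.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Set;

public class RankingUpdate {
    // Assumed set of valid categories; each maps to an existing <category>_rankings table.
    private static final Set<String> CATEGORIES = Set.of("baseball", "basketball");

    // Placeholders bind values only, so the table name must be concatenated.
    // Only names from the fixed allow-list ever reach the SQL text.
    static String buildUpdate(String category) {
        if (category == null || !CATEGORIES.contains(category)) {
            throw new IllegalArgumentException("unknown category");
        }
        // No trailing ')' after the last condition; identifiers are backtick-quoted
        // (RANK is a reserved word in MySQL 8.0.2 and later).
        return "UPDATE `" + category + "_rankings` SET `rank` = ? WHERE `ip` = ? AND `field` = ?";
    }

    // Values still go through bound parameters, exactly as in the question.
    static int updateRank(Connection conn, String category, double rank,
                          String ip, String field) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(buildUpdate(category))) {
            ps.setDouble(1, rank);
            ps.setString(2, ip);
            ps.setString(3, field);
            return ps.executeUpdate(); // number of rows changed
        }
    }

    public static void main(String[] args) {
        System.out.println(buildUpdate("baseball"));
        // Constructed hostile input: rejected before any SQL text is built.
        String hostile = "baseball_rankings SET rank = 0 -- ";
        try {
            buildUpdate(hostile);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

`main` needs no database connection; it only exercises the query builder and the allow-list check.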