SQL statement not executing.

 
Greenhorn
Posts: 17
Hi... the mentioned SQL statement is just not executing. The code is as below:
The error I'm getting is: java.sql.SQLException: Invalid SQL type: sqlKind = UNINITIALIZED
CODE:
Statement st1 = con.createStatement();
st1.executeUpdate("insert into customer values('"+ id1 +"','"+ name +"','"+ addr +"','"+ cont +"','"+ email+"','" + city +"','" + state + "','" + from +"','" + to + "','"+ room +"','" + adv +"','" + room_no +"','"+ differenceInDays +"')"); // the first statement works absolutely fine, inserting all the values in database.
st1.executeUpdate("update" + room + "set FLAG=1 where RNO = " + room_no +"");// this statement here is not executing, values room and room_no are inserted in database in the above SQL query
con.close();
res.close();

 
Sheriff
Posts: 22816
Don't you mean update customer set FLAG=1 where RNO = " + room_no? Because room is a value, not the name of a table.

You should also definitely start using PreparedStatement. Right now that code is highly susceptible to SQL injection.
 
Sheriff
Posts: 28344
It's also susceptible to failing if you get the tiniest thing wrong in that horrible mess of single and double quotes. And it's easy to get that wrong. PreparedStatement makes parametrized queries infinitely easier; you should definitely be using it.
 
Greenhorn
Posts: 4
Thanks for this link.
 
Bartender
Posts: 2407
  • Try printing your SQL statements out so you can see what your DB is trying to execute. I think your SQL UPDATE needs a space after the "update", for example.
  • But as the others have said, using concatenated SQL strings like this is the wrong approach anyway.
  • Write and test your SQL separately (outside Java) using your database's SQL shell, so you can be sure you've got your SQL right before you start messing around in Java.
  • Then use a PreparedStatement with bind variables in Java for your SQL because it's easier to write/read/maintain, more secure (helps prevent SQL injection) and more efficient (allows your database to re-use the parsed SQL).
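
The PreparedStatement approach recommended in the replies above, as an added example that is not part of the original thread: every value is bound as a parameter, while the table name, which JDBC cannot bind, is checked against a fixed allow-list before it is concatenated. The class and method names, the table names SINGLE_ROOM and DOUBLE_ROOM, and the numeric type of RNO are assumptions; customer, FLAG and RNO come from the posted code.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Set;

public class BookingDao {
    // Hypothetical room tables. A table name cannot be a bind variable,
    // so it is checked against a fixed allow-list before concatenation.
    private static final Set<String> ROOM_TABLES = Set.of("SINGLE_ROOM", "DOUBLE_ROOM");

    static String flagRoomSql(String roomTable) {
        if (!ROOM_TABLES.contains(roomTable)) {
            throw new IllegalArgumentException("Unknown room table: " + roomTable);
        }
        // Note the spaces around the table name, missing in the posted statement.
        return "update " + roomTable + " set FLAG = 1 where RNO = ?";
    }

    // customerRow holds the 13 values of the posted insert, in the same order.
    static void book(Connection con, Object[] customerRow, String roomTable, int roomNo)
            throws SQLException {
        String insertSql = "insert into customer values (?,?,?,?,?,?,?,?,?,?,?,?,?)";
        con.setAutoCommit(false); // insert and update succeed or fail together
        try (PreparedStatement ins = con.prepareStatement(insertSql);
             PreparedStatement upd = con.prepareStatement(flagRoomSql(roomTable))) {
            for (int i = 0; i < customerRow.length; i++) {
                ins.setObject(i + 1, customerRow[i]); // JDBC parameters are 1-based
            }
            ins.executeUpdate();
            upd.setInt(1, roomNo); // assumes RNO is a numeric column
            if (upd.executeUpdate() == 0) {
                throw new SQLException("No room " + roomNo + " in " + roomTable);
            }
            con.commit();
        } catch (SQLException | RuntimeException e) {
            con.rollback(); // undo the insert if the update (or anything else) failed
            throw e;
        }
    }

    public static void main(String[] args) {
        System.out.println(flagRoomSql("DOUBLE_ROOM"));
        try {
            flagRoomSql("x set FLAG=0 --"); // constructed hostile input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The main method runs without a database and only exercises the allow-list; book needs a live Connection from your own driver and schema.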
