java - jdbc Error, unable to connect to sql -


i want use database in project, use code test( jdbc tutorialspoint ) , change code , db error:

creating statement...  have error in sql syntax; check manual corresponds mysql server version right syntax use near 'from test set name=eee id=1' @ line 1 error: unable connect sql! java.sql.sqlexception: have error in sql syntax; check manual corresponds mysql server version right syntax use near 'from test set name=eee id=1' @ line 1     @ com.mysql.jdbc.mysqlio.checkerrorpacket(mysqlio.java:2975)     @ com.mysql.jdbc.mysqlio.sendcommand(mysqlio.java:1600)     @ com.mysql.jdbc.mysqlio.sqlquerydirect(mysqlio.java:1695)     @ com.mysql.jdbc.connection.execsql(connection.java:3020)     @ com.mysql.jdbc.connection.execsql(connection.java:2949)     @ com.mysql.jdbc.statement.execute(statement.java:538)     @ test.main(test.java:49) 

my code:

import java.sql.*; import java.math.*;   public class test {     final static string db_url = "jdbc:mysql://localhost/testdb";     final static string user = "root";     final static string pass = "";      final static string jdbc_driver="com.mysql.jdbc.driver";      public static void main(string[] args) {         connection conn = null;         statement stmt = null;         try {             class.forname("com.mysql.jdbc.driver").newinstance();             conn = drivermanager.getconnection(db_url,user,pass);             system.out.println("creating statement...");             stmt = conn.createstatement();             string sql = "update name test set name=eee id=1";               boolean ret = stmt.execute(sql);             system.out.println("return value : " + ret.tostring() );               int rows = stmt.executeupdate(sql);             system.out.println("rows impacted : " + rows );              sql = "select id,name test";             resultset rs = stmt.executequery(sql);              while(rs.next()){                 int id  = rs.getint("id");                 string name = rs.getstring("name");                  system.out.print("id: " + id);                 system.out.print(", name: " + name);             }             rs.close();             stmt.close();             conn.close();         }         catch(classnotfoundexception ex) {             ex.printstacktrace();             system.out.println("\n" + ex.getmessage());             system.out.println("error: unable load driver class!");              system.exit(1);         }         catch(illegalaccessexception ex) {             ex.printstacktrace();             system.out.println("\n" + ex.getmessage());             system.out.println("error: access problem while loading!");             system.exit(2);         }         catch(instantiationexception ex) {             ex.printstacktrace();             system.out.println("\n" + ex.getmessage());             system.out.println("error: unable instantiate driver!");             system.exit(3);         }         catch (sqlexception ex) {             // todo auto-generated catch block             ex.printstacktrace();             system.out.println("\n" + ex.getmessage());             system.out.println("error: unable connect sql!");             system.exit(4);         }     } } 

my database is: picture of db

i see page doesn't me!

at first statement not valid update statement. has convention:

update <tablename> set <column> = '<newvalue>'; 

this simpliest update statement. update rows. can add where clause make selection of rows. check this out.

secondly, directly adding values columns , aren't wrapping value(s) single quotes (they has wrapped otherwise won't work). fix need add single quotes like:

set name = 'value'; 

sure, works don't approach. it's dangerous , unsafe. suggest use parametrized statements more safe (beware of sql injection) , more human-readable.

simple example of usage of preparedstatement:

string sql = "update test set name = ? id = ?"; preparedstatement ps = conn.preparestatement(sql); ps.setstring(1, <namevalue>); // binding value name column ps.setint(2, <idvalue>); // binding value clause ps.executeupdate(); // executes statement 

i mention few main advantages of preparedstatements:

  • they precompiled, database-side caching of sql statement leads overall faster execution , ability reuse same sql statement in batches.
  • automatic prevention of sql injection attacks built-in escaping of quotes , other special characters.
  • eases setting of non-standard java objects in sql (date, time, timestamp, bigdecimal, blob, etc.)

Comments

Popular posts from this blog

css - Which browser returns the correct result for getBoundingClientRect of an SVG element? -

gcc - Calling fftR4() in c from assembly -

.htaccess - Matching full URL in RewriteCond -