How to convert string type (java) and store in date data type in mysql?

Question

Im getting an error message while inserting values from the form. Error is Column count doesn't match value count at raw 1. My 5th string value must be stored as date data type in sql.

String s1=this.txtUsername.getText();
String s2=this.txtPassword.getText();
String s3=this.txtName.getText();
String s4=this.txtAddress.getText();
String s5=this.txtContractEndDetails.getText();


         connection getcon = new connection();
         Connection conn;


    try{
        conn=getcon.creatConnection();
        Statement stmt=conn.createStatement();

        stmt.executeUpdate("insert into TravelGuide(username,password,name,address,contract_end_date)values ('"+s1+"','"+s2+"','"+s3+"','"+s4+"'+'"+s5+"')");



        }
    catch(Exception ex){
        JOptionPane.showMessageDialog(PanelTG, ex.getMessage(),"Error Occured",2);
    }

Here's my relevant table for SQL query.

  create table TravelGuide(
  username char(20),
  password char(20),
  name varchar(100),
  address varchar(150),
  contract_end_date date,
  constraint TravelGuide_PK primary key(username)
  );

edited

Im confused about

preparedStatement("insert into TravelGuide (username,password,name,address,contract_end_date) values (?, ?, ?, ?, ?)");

Could u explain this furthermore..

Is this right? The codes which are inside ** marks are giving errors illegal start of expression and cannot find symbol.. Please help me..

try {
    conn=getcon.creatConnection();

    **String sql="insert into TravelGuide("+"username,"+"password,,"+,"name,"+"address,"+"contract_end_date)"+"values(?,?,?,?,?)";**
    PreparedStatement stmt = conn.**preparedStatement**(sql);
    java.sql.Date dtValue = java.sql.Date.valueOf(s5); 

    stmt.setString(1, s1);
    stmt.setString(2, s2);
    stmt.setString(3, s3);
    stmt.setString(4, s4);
    stmt.setDate(5, dtValue);
    stmt.executeUpdate();                
}

Answer 1

Inside the try, do this instead:

conn = getconn.creatConnection();
PreparedStatement stmt = conn.prepareStatement("insert into TravelGuide (username,password,name,address,contract_end_date) values (?, ?, ?, ?, ?)");

java.sql.Date date = someFunctionToConvertYourDateStringToADate(s5);

stmt.setString(1, s1);
stmt.setString(2, s2);
stmt.setString(3, s3);
stmt.setString(4, s4);
stmt.setDate(5, date);
stmt.executeUpdate();

[and so on]

That way you are protected from SQL injection attacks and you don't have to worry about how to massage your string into a format a specific database requires for a date column. The JDBC driver will handle that for you, given a java.sql.Date object.

Answer 2

stmt.executeUpdate("insert into TravelGuide(username,password,name,address,contract_end_date)values ('"+s1+"','"+s2+"','"+s3+"','"+s4+"'**+**'"+s5+"')");

why + ,i think i should be ,