-3

I tried to insert my data into my database table called newdevice. My query is:

String query = uni + "," + nam + "," + temp + "," + vendor + "," + invoice + "," + dop + "," + cost;
res = stm.executeQuery("INSERT INTO newdevice " + "(uniqueid , device , device_status , vendor_name , invoice , dop , cost)" + " VALUES(" + query +")");

But while I am doing this, I faced this error:

org.firebirdsql.jdbc.FBSQLException: GDS Exception. 335544569. Dynamic SQL Error SQL error code = -104 Token unknown - line 1, column 106

(,) It's showing an error with the comma.

Mark Rotteveel
Raj kumar

2 Answers

2

The problem is that you are probably missing quotes around string values, etc. However, you should not concatenate values like that at all. It leaves you open to SQL injection. Instead you should use a PreparedStatement with parameters, like this:

try (PreparedStatement pstmt = connection.prepareStatement(
        "INSERT INTO newdevice (uniqueid, device, device_status, vendor_name, invoice, dop, cost) VALUES(?, ?, ?, ?, ?, ?, ?)")) {
    pstmt.setInt(1, uni);
    pstmt.setString(2, nam);
    pstmt.setInt(3, temp);
    pstmt.setString(4, vendor);
    pstmt.setInt(5, invoice);
    pstmt.setInt(6, dop);
    pstmt.setBigDecimal(7, cost);
    pstmt.executeUpdate();
}

Note that I have made a random guess at the actual data types for the setXXX.

Mark Rotteveel
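An added example (not code from the question or the answers) that puts the question's concatenation next to the parameterized insert from the answer above. The class name, the sample values and the command-line arguments are assumptions, and the column types follow the answer's guesses.

```java
import java.math.BigDecimal;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class NewDeviceInsert {
    static final String INSERT_SQL =
        "INSERT INTO newdevice (uniqueid, device, device_status, vendor_name, invoice, dop, cost)"
        + " VALUES (?, ?, ?, ?, ?, ?, ?)";

    // The question's concatenation, kept only to show the text the server receives.
    static String concatenated(int uni, String nam, int temp, String vendor,
                               int invoice, int dop, BigDecimal cost) {
        String query = uni + "," + nam + "," + temp + "," + vendor + ","
                     + invoice + "," + dop + "," + cost;
        return "INSERT INTO newdevice (uniqueid , device , device_status , vendor_name ,"
             + " invoice , dop , cost) VALUES(" + query + ")";
    }

    // Parameterized insert: values travel as typed parameters, never as SQL text.
    // Column types are assumptions taken from the answer's guesses.
    static int insert(Connection con, int uni, String nam, int temp, String vendor,
                      int invoice, int dop, BigDecimal cost) throws SQLException {
        try (PreparedStatement pstmt = con.prepareStatement(INSERT_SQL)) {
            pstmt.setInt(1, uni);
            pstmt.setString(2, nam);
            pstmt.setInt(3, temp);
            pstmt.setString(4, vendor);
            pstmt.setInt(5, invoice);
            pstmt.setInt(6, dop);
            pstmt.setBigDecimal(7, cost);
            return pstmt.executeUpdate(); // INSERT yields a row count, not a ResultSet
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample values; the vendor name contains a quote and a comma.
        String nam = "Core Switch", vendor = "O'Brien, Ltd";
        BigDecimal cost = new BigDecimal("1499.50");
        // In the concatenated text the strings are unquoted, and the quote and comma
        // inside the vendor name become part of the SQL instead of part of the value.
        System.out.println(concatenated(1, nam, 0, vendor, 42, 20240115, cost));
        if (args.length == 3) { // assumed arguments: JDBC URL, user, password
            try (Connection con = DriverManager.getConnection(args[0], args[1], args[2])) {
                System.out.println(insert(con, 1, nam, 0, vendor, 42, 20240115, cost) + " row(s) inserted");
            }
        }
    }
}
```

Run without arguments, it only prints the concatenated statement; with a JDBC URL, user and password it also performs the parameterized insert, which stores the vendor name unchanged.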
0

There is something wrong with the quotes. I guess the statement (uniqueid , device , device_status , vendor_name , invoice , dop , cost) should not be in double quotes. Can you try removing these double quotes?

dev