MariaDB server version for the right syntax to use near 'WHERE id =1'

problem solving help please

[ WARN] (AWT-EventQueue-0) Error: 1064-42000

public Clinic getFetch(int id) {
    Connection con = conn.connDb();
    Clinic objUser = new Clinic();

    try {
        statement = con.createStatement();
        resultSet = statement.executeQuery("SELECT * FROM clinic WHERE id =" + id);
        while (resultSet.next()) {
            objUser.setId(resultSet.getInt("id"));
            objUser.setName(resultSet.getString("name"));
            break;
        }
    } catch (SQLException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

    return objUser;
}

***********

updateMenuItem.addActionListener(new ActionListener() {

    @Override
    public void actionPerformed(ActionEvent e) {
        int selID = Integer.parseInt(table_clinic.getValueAt(table_clinic.getSelectedRow(), 0).toString());
        System.out.println(selID);
        Clinic selectClinic = clinic.getFetch(selID);
        UpdateClinicGUI updateGUI = new UpdateClinicGUI(selectClinic);
        updateGUI.setDefaultCloseOperation(JFrame.DISPOSE_ON_CLOSE);
        updateGUI.setVisible(true);
        updateGUI.addWindowListener(new WindowAdapter() {
            @Override
            public void windowClosed(WindowEvent e) {
                try {
                    updateClinicModel();
                } catch (SQLException e1) {
                    // TODO Auto-generated catch block
                    e1.printStackTrace();
                }
            }
        });
    }
});

****** sql

CREATE TABLE `clinic` (
    `id` INT(11) NOT NULL AUTO_INCREMENT,
    `name` VARCHAR(255) NOT NULL COLLATE 'utf8mb4_general_ci',
    PRIMARY KEY (`id`) USING BTREE
) COLLATE='utf8mb4_general_ci' ENGINE=InnoDB AUTO_INCREMENT=5

Answer

Answered by Markus Mäkelä in this comment.

You should probably use a prepared statement instead of combining values into a string. That's a classic case for SQL injection to occur. Here's a short example of how you could add this into the code:

// The SQL text is fixed; `?` marks where the value will be bound.
// (Requires `statement` to be declared as a PreparedStatement, not a Statement.)
statement = con.prepareStatement("SELECT * FROM clinic WHERE id = ?");
// The id is sent as a typed parameter, never spliced into the SQL string.
statement.setInt(1, id);
resultSet = statement.executeQuery();
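As an added illustration, not code from the question or the answer: the two lookup patterns side by side in Python's standard sqlite3 module, which uses the same `?` placeholder as JDBC. SQLite stands in for MariaDB so it runs offline; the schema, rows and function names are constructed for this example.

```python
import sqlite3
from typing import Optional

# Constructed stand-in for the question's `clinic` table, written for SQLite so the
# example runs offline (MariaDB's INT(11)/utf8mb4/InnoDB options have no SQLite form).
SCHEMA = "CREATE TABLE clinic (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL)"
# Constructed sample rows; ids skip 3, like a table that has had a row deleted.
SAMPLE_ROWS = [(1, "North Clinic"), (2, "St. Mary's Clinic"), (4, "Westside Clinic")]


def open_sample_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute(SCHEMA)
    con.executemany("INSERT INTO clinic (id, name) VALUES (?, ?)", SAMPLE_ROWS)
    return con


def get_fetch_concat(con: sqlite3.Connection, id_text: str) -> Optional[dict]:
    """The question's pattern: the caller's value is pasted into the SQL text,
    so the database parses it as part of the statement."""
    row = con.execute("SELECT id, name FROM clinic WHERE id =" + id_text).fetchone()
    return None if row is None else {"id": row[0], "name": row[1]}


def get_fetch(con: sqlite3.Connection, clinic_id) -> Optional[dict]:
    """The answer's pattern: the statement is fixed and the value is bound to the
    `?` placeholder separately, as PreparedStatement.setInt(1, id) does in JDBC.
    Whatever is bound is compared as data; it never reaches the SQL parser."""
    row = con.execute("SELECT id, name FROM clinic WHERE id = ?", (clinic_id,)).fetchone()
    return None if row is None else {"id": row[0], "name": row[1]}


def concat_parse_error(con: sqlite3.Connection, id_text: str) -> Optional[str]:
    """Return the parser's message when the concatenated form is fed id_text, or
    None if it parsed. A blank cell from the GUI table, for instance, leaves the
    statement ending in 'WHERE id =' with nothing after it: the same family of
    failure as MariaDB's 1064 'right syntax to use near' error."""
    try:
        get_fetch_concat(con, id_text)
        return None
    except sqlite3.OperationalError as exc:
        return str(exc)
```

With binding, a blank or otherwise malformed value simply matches no row instead of producing a parse error or changing the statement.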
