Syntax error in update query near '? in eclipse but working in MySQL workbench

Question

I'm getting this error in eclipse

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '? , login = ? , pwd = ? WHERE login = 'pp'' at line 1

This is my query in my source code:

String query2 = "UPDATE usuarios SET nombre = ? , login = ? , pwd = ? WHERE login = '" + login2 + "'";

And this is the whole code from my method:

private void modificar() {
        // Prints the content of the table
        String query = "SELECT * FROM usuarios";
        try {
            pst = con.Conectar().prepareStatement(query);
            rs = pst.executeQuery(query);

            // Itarate over the registries
            int i = 0;
            while (rs.next()) {
                i++;
                //print them
                System.out.println(i + "  " + rs.getString("id") + " " + rs.getString("login"));
            }
            //There are X registries
            System.out.println("Existen " + i + " usuarios actualmente");
            pst.close();

            //Wich registry do you need to modify?
            System.out.println("Ingrese el login del usuarios a modificar");
            String login2 = scanner.nextLine();

            System.out.println("Ingrese datos a modificar");
            System.out.print("Nombre: ");
            nombre = scanner.nextLine();
            System.out.print("Login: ");
            login = scanner.nextLine();
            System.out.print("Password: ");
            pwd = scanner.nextLine();

            String query2 = "UPDATE usuarios SET nombre = ? , login = ? , pwd = ? WHERE login = '" + login2 + "'";

            pst = con.Conectar().prepareStatement(query2);
            pst.setString(1, nombre);
            pst.setString(2, login);
            pst.setString(3, pwd);
            /*
             * Aqui da error de sintaxis en query2
             */
            pst.executeUpdate(query2);
            pst.close();

            String query3 = "SELECT * FROM usuarios where login =" + login;

            pst = con.Conectar().prepareStatement(query3);
            rs = pst.executeQuery(query3);
            rs.next();

            System.out.println("ahora quedo asi " + rs.getString("login"));

        } catch (SQLException e) {
            // TODO: handle exception
            e.printStackTrace();
        } finally {
            cerrarConsultas();
        }
    }

But is working fine when I use it in MySQL Workbench, this is my test in the workbench.

prepare insertar from "UPDATE usuarios SET nombre = ?, login = ?, pwd = ? WHERE login = 'pp'"; 
-- "UPDATE usuarios SET nombre = ?, login = ?, pwd = ? WHERE login = 'pablo'";
set @nombre = 'pp';
set @login = 'pp';
set @pwd = 'pp';
execute insertar using @nombre, @login, @pwd;
deallocate prepare insertar;

I've tried even with literal qoutes and still doesn't work.

String query2 = "UPDATE usuarios SET `nombre` = ? , `login` = ? , `pwd` = ? WHERE login = '" + login2 + "'";

Also tried:

String query2 = "UPDATE usuarios SET `nombre` = ? , `login` = ? , `pwd` = ? WHERE login = "+ login2;

Same result.

Answer 1

Replace pst.executeUpdate(query2); with pst.executeUpdate();

Otherwise you will end up ignoring the parameter binding you did with with the various pst.setString(...) hence the db engine will receive a query with ? instead of the values you meant to bind.

Answer 2

Why not using a parameter for your WHERE clause?

String query2 = "UPDATE usuarios SET nombre = ? , login = ? , pwd = ? WHERE login = ?";

pst = con.Conectar().prepareStatement(query2);
pst.setString(1, nombre);
pst.setString(2, login);
pst.setString(3, pwd);
pst.setString(4, login2 );