Getting Java mysql SQL Syntax error but my query seems normal

Question

I am developing a simple java mysql based application and during data insertion into the database I'm getting an SQL error mentioned below.

Here is my code:

public DBConnection() {
    try {
        Class.forName("com.mysql.jdbc.Driver");
        con = DriverManager.getConnection("jdbc:mysql://localhost:3306/myDatabase?useUnicode=true&useLegacyDatetimeCode=false&serverTimezone=Turkey", "root", "");

        st = con.createStatement();

        System.out.println("CONNECTED!");

    } catch (Exception e) {
        System.out.println("Error  : " + e);
    }
}

public void addCustomer(String name, String surname, String company, String adress, String adressTwo){

  String addQuery = "insert into musteri (name,surname,company,adress,adressTwo) values (?,?,?,?,?)" ;

  try {
      st.executeUpdate(addQuery);
  System.out.println("Data Added");
  } catch (Exception e) {
      System.out.println("Error occured when adding value to database : " + e );
  }
}

Here is my java main method that add's the data:

public static void main(String[] args) {
    // TODO code application logic here


    Customers c1 = new Customers();

    c1.setIsim("test");
    c1.setSoyisim("test");
    c1.setSirket("test");
    c1.setAdres("test");
    c1.setIletisim("test");

    DBConnection db = new DBConnection();

    db.addCustomer(c1.isim, c1.soyisim, c1.sirket, c1.adres, c1.iletisim);
}

The error I'm getting is:

Error occured when adding value to database : java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''insert into musteri (ad,soyad,sirket,adres,iletisim) values (?,?,?,?,?)'' at line 1

Answer 1

May I suggest you implement addCustomer like this. Use a local Statement and create it by using try-with-resource style and then set your parameters for the query

public void addCustomer(String name, String surname, String company, String adress, String adressTwo){
    String addQuery = "insert into musteri (name,surname,company,adress,adressTwo) values (?,?,?,?,?)" ;

    try (PreparedStatement stmt = con.prepareStatement(addQuery)) {
        stmt.setString(1, name);
        stmt.setString(2, surname);
        stmt.setString(3, company);
        stmt.setString(4, adress);
        stmt.setString(5, adressTwo);
        stmt.executeUpdate();
        System.out.println("Data Added");
    } catch (Exception e) {
        System.out.println("Error occured when adding value to database : " + e );
    }
}

Answer 2

You are mixing statements with prepared statements. You should use a prepared statement and set the values to it:

public void addCustomer(String name, String surname, String company, String address, String adressTwo) {
    String addQuery = "insert into musteri (name, surname, company, adress, adressTwo) values (?,?,?,?,?)" ;

    // Shown here for simplicitly.
    // The query could be prepared once and stored in a data member
    try (PreparedStatement ps = con.prepareStatement(addQuery)) {
        ps.setString(1, name);
        ps.setString(2, surname);
        ps.setString(3, company);
        ps.setString(4, address);
        ps.setString(5, addressTwo);
        ps.executeUpdate();
        System.out.println("Data Added");
    } catch (Exception e) {
        System.out.println("Error occured when adding value to database : " + e );
    }
}