My Java SQL Update statement is not updating my database, and I don't know if it's a problem with the statement or the connection

Question

I am connecting my Java Program to a database stored in the program folder, and I am having users answer quiz questions and I want the results to be stored in the database. The Update statement is not working, and I don't know if it's a problem with the actual statement or the database connection.

I've tried creating a new database with the same tables and reconnecting to that database, but nothing seems to be working.

//database connection class
public class databaseConnection {
    public static Connection dbConnector() {
        try {
            Class.forName("org.sqlite.JDBC");
            Connection conn = DriverManager
                    .getConnection("jdbc:sqlite:D:\\Users\\mariammahmoud\\eclipse-workspace\\ia_2019_final\\testjava.db");
            return conn;
        } catch (Exception e) {
            JOptionPane.showMessageDialog(null, e);
            return null;
        }
    }
}

public class student {

    public static final String DB_NAME = "testjava.db";

    public static final String TABLE_STUDENTS = "students";

    public static final String COLUMN_NAME = "name";
    public static final String COLUMN_GRADE = "grade";
    public static final String COLUMN_RESULTS = "results";
    public static final String COLUMN_EVENTS = "events";
    public static final String COLUMN_USERNAME = "username";

    public void main() {
        try {
            String user_name = login_student.sendQuiz();
            Connection conn = databaseConnection.dbConnector();
            ArrayList<String> results = new ArrayList<String>(15);
            instructions();
            questions(results);
            results.trimToSize();

            System.out.println("Here are the events that you should consider competing in:");
            System.out.println(results);

            String separator = ",";

            int total = results.size() * separator.length();
            for (String finalResults : results) {
                total += finalResults.length();
            }

            StringBuilder sb = new StringBuilder(total);
            for (String finalResults : results) {
                sb.append(separator).append(finalResults);
            }

            String resultsDatabase = sb.substring(separator.length());
            String sql = "UPDATE students SET events = ? WHERE username = " +user_name;
            PreparedStatement myStmt = conn.prepareStatement(sql);
            myStmt.setString(1, resultsDatabase);

            myStmt.executeUpdate();

        } catch (SQLException e) {
            System.out.println("Something went wrong:" + e.getMessage());
            e.printStackTrace();
        }

    }

I expected the update statement to update the testjava.db database, but everything is staying the same. What should I do? Thank you in advance!

Answer 1

Your problem is that while you wisely used a prepared statement in your code for the update, you never actually used it for the username column in the WHERE clause. Hence, the query you are executing currently won't be interpreted as comparing some input against username . Rather, the username value will be interpreted as a column. Try this version:

String resultsDatabase = sb.substring(separator.length());
String sql = "UPDATE students SET events = ? WHERE username = ?";
PreparedStatement myStmt = conn.prepareStatement(sql);
myStmt.setString(1, resultsDatabase);
myStmt.setString(2, user_name);
myStmt.executeUpdate();

Note that you could have just tried the following:

String sql = "UPDATE students SET events = ? WHERE username = '" + user_name + "'";

But, please bind a value to a ? placeholder instead, as I have suggested above. One benefit of using statements is that it frees you from having to worry about how to escape your data in the query.