I keep getting the error: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column '. . . . ' in 'field list'

1
votes

Here is my code guys, what am I doing wrong (I am forced to use a regular Statement as opposed to the PreparedStatement class so that I can use mySQL's AES_ENCRYPT/DECRYPT methods):

DDL

 s.executeUpdate("CREATE TABLE login ("+"user_Name CHAR(50) NOT NULL,"+"PRIMARY KEY(user_Name),"+"pass_Word CHAR(50)NOT NULL, cust_ID CHAR(10))");

DML

 public static void insertLoginData(String user_Name, String pass_Word, String cust_ID)throws IOException, SQLException, NoSuchAlgorithmException, InvalidKeyException 
 {
     . . .

     String insert="INSERT INTO login(user_Name, pass_Word, cust_ID)"
            + " VALUES("+user_Name+",AES_ENCRYPT('text',"+pass_Word+"),"+cust_ID+")";

     s.executeUpdate(insert);
1
javamysqljdbc
put in more specifics. Like exact error message. You mentioned more details in other question. Secondly, before s.executeUpdate() put print statement that prints insert variable. Then try it in mysql. - Alex Gitelman
Sir you are a gentleman and a scholar. . . seeing the printed SQL statement let me see for myself that I needed to add in extra quote marks. THANK YOU! - Mike
corrected SQL entry for any others like me: String insert="INSERT INTO login(user_Name, pass_Word, cust_ID)" + " VALUES ('"+username5+"',AES_ENCRYPT('text','"+password5+"'),'"+custID5+"')"; - Mike

1 Answers

3
votes

You probably need single quotes around the column values like this:

  String insert="INSERT INTO login(user_Name, pass_Word, cust_ID)"
        + " VALUES('"+user_Name+"',AES_ENCRYPT('text','"+pass_Word+"'),'"+cust_ID+"')";

On a side note: Someone will eventually point out that this code is subject to SQL injection attack.