Java Update statement issue

Question

I am trying to update the SSN for a customer by searching for them based on the old SSN then updating it. What am I missing? This will not return a result even though i know i have matches for ssNum in the database. Thanks.

String query = "UPDATE Customers SET ss_num = ('" + updateSsn
                + "') WHERE ss_num = ('" + ssNum + "')";

You should specify your DBMS and the exception that's been thrown — Carlos Gavidia-Calderon, Dec 01 '12 at 02:23
Please use PreparedStatement with a parameterized query to guard against things like SQL injection. — Mark Rotteveel, Dec 01 '12 at 08:54

score 3 · Answer 1 · edited May 23 '17 at 12:27

3

That type of query is unsafe (vulnerable to SQL injection). Write your query as follows and use PreparedStatement:

String query = "UPDATE Customers SET ss_num = ? WHERE ss_num = ?";
PreparedStatement ps = con.prepareStatement(query);
ps.setString(1, updateSsn);
ps.setString(2, ssnNum);

edited May 23 '17 at 12:27

Community

1
1

answered Dec 01 '12 at 02:30

Bhesh Gurung

50,430
22
93
142

jmj · Accepted Answer · 2012-12-01T02:32:11.033

1

you need to use executeUpdate() method, which doesn't return ResultSet, but it will return numberOfRowsUpdated

Use PreparedStatement instead

edited Dec 01 '12 at 02:32

answered Dec 01 '12 at 02:20

jmj

237,923
42
401
438

Thanks! It was the executeUpdate() that was the issue. – Gluons Dec 01 '12 at 02:29

Java Update statement issue

2 Answers2