
Here is my query

result = s.executeUpdate("INSERT INTO order " + "VALUES ('" + id.getText() + "','" + name.getText() + "', '" + code.getText() + "','" + price.getText() + "')");

I am getting this exception:

com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order VALUES (('1'),('1'),( '1'),('1')' at line 1

unutbu
Asif Mehmood
**WARNING**: You've got a [severe SQL injection bug here](http://bobby-tables.com/java.html) so I'd fix that first. Then remove the extra brackets. – tadman Sep 02 '15 at 19:09

possible duplicate of [Syntax error due to using a reserved word as a table or column name in MySQL](http://stackoverflow.com/questions/23446377/syntax-error-due-to-using-a-reserved-word-as-a-table-or-column-name-in-mysql) – AdamMc331 Sep 02 '15 at 19:18

3 Answers

Order is a reserved word -- I wouldn't use it as a table name, but if you are stuck with it, just put backticks around it. INSERT INTO `order` ...

gen_Eric
MHardwick

You need to use backticks for reserved keywords:

result = s.executeUpdate("INSERT INTO `order` " + "VALUES ('" + id.getText() + "','" + name.getText() + "', '" + code.getText() + "','" + price.getText() + "')");

Also, your code is prone to SQL injection, so you need to work on that as well. My suggestion is to use a prepared statement to avoid SQL injection.

Also a good read: Preventing SQL Injection in Java

Rahul Tripathi
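As an added example (not code from the question or from any of the answers), here is the same insert written with a `PreparedStatement`, which fixes both problems at once: the table name is quoted because ORDER is reserved, and every user-supplied value is bound as a parameter rather than spliced into the SQL text. The column names are assumed, since the question never lists them, as is the assumption that `price` is a numeric column; the field names `id`, `name`, `code` and `price` come from the question.

```java
import java.math.BigDecimal;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public final class OrderDao {

    // Column names are an assumption; the question does not show the table definition.
    // The table name is backtick-quoted because ORDER is a MySQL reserved word.
    // The '?' placeholders are filled in by the driver as values, never as SQL text.
    private static final String INSERT_SQL =
        "INSERT INTO `order` (`id`, `name`, `code`, `price`) VALUES (?, ?, ?, ?)";

    /**
     * Inserts one row. A quote, semicolon or comment marker typed into any form
     * field is stored literally; it cannot change the shape of the statement.
     *
     * @return number of rows inserted (1 on success)
     */
    public static int insertOrder(Connection conn, String id, String name,
                                  String code, String price) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(INSERT_SQL)) {
            ps.setString(1, id);
            ps.setString(2, name);
            ps.setString(3, code);
            // Assumed numeric column: convert at the boundary instead of sending quoted
            // text. A non-numeric value fails here with NumberFormatException, which is
            // a clear input error rather than a SQL syntax error from the server.
            ps.setBigDecimal(4, new BigDecimal(price.trim()));
            return ps.executeUpdate();
        }
    }
}
```

From the form code in the question this would be called as `OrderDao.insertOrder(conn, id.getText(), name.getText(), code.getText(), price.getText())`, where `conn` is the `java.sql.Connection` the existing `Statement s` was created from.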

Ensure that none of your getters are sending characters that may cause the query to be syntactically incorrect. If your getter is returning a reserved character like the following:

reserved = gen-delims / sub-delims

gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@"

sub-delims = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "="

Then the statement will not function as intended. This is why sanitization of inputs is important for any statement.

See more on which characters are allowed unencoded in query strings: http://www.456bereastreet.com/archive/201008/what_characters_are_allowed_unencoded_in_query_strings/

packapaul