0 
PreparedStatement posted = con.prepareStatement(
    "INSERT INTO userdate (description, UUID) VALUES ('"+ desc + "','" + postuuid + "') ON DUPLICATE KEY UPDATE");

this is the error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' this is the code I have, does anyone know waht might be wrong with this?

Improve this question
1
  • 1
    Do not concatenate values into a query string, it makes your code vulnerable to SQL injection. You need to properly parametrize your query by using parameters (?) instead of values. Commented Apr 21, 2021 at 7:54

1 Answer 1

Reset to default
1

Check on MySQL docs for reference on DUPLICATE KEY UPDATE https://dev.mysql.com/doc/refman/8.0/en/insert-on-duplicate.html

The keyword "UPDATE" is not the absolute end of the statement. You need to specify the fields/values that will be updated

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you this helped. This is my new code: PreparedStatement posted = con.prepareStatement("INSERT INTO userdata(description, UUID) VALUES ('"+desc+"', '"+postuuid+"') ON DUPLICATE KEY UPDATE description='"+ desc +"'");

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.