when I try to enter in variables into VALUES it all falls apart
Statement stmt = con.createStatement(); String SQL = "INSERT INTO Workers VALUES (num, fName, lName, jTitle)"; stmt.executeUpdate(SQL);
You're not sending any variables. You have num
, fName
and the other variables but you're sending them as plain text in your SQL statement. You need to pass the values of your variables into your SQL statement.
The best approach to do this is using PreparedStatement
:
String SQL = "INSERT INTO Workers VALUES (?, ?, ?, ?)";
PreparedStatement pstmt = con.prepareStatement(SQL);
p.setInt(1, num);
p.setString(2, fName);
p.setString(3, lName);
p.setString(4, jTitle);
pstmt.executeUpdate();
pstmt.close();
You may also use the naive approach of concatenating the values of each variable in your SQL statement, but it is unsafe and allows SQL Injection attacks. So the best bet is to use PreparedStatement
.
More info: