Why SQL INSERT query takes the entered values as column names

Question

I have a problem with the SQL INSERT QUERY. Whenever I execute the INSERT QUERY in the below code, what happens, is the query understands the values to be entered as the column names. My code is :

try
{
    Class.forName("com.mysql.jdbc.Driver");
    Connection con=DriverManager.getConnection("jdbc:mysql://localhost/db","root","123456");
    Statement s = con.createStatement();
    int start = 8, end = 10;
    char buf[] = new char[end-start];   // for extracting day alone.

    dvalue = new String();
    ddvalue = new String(); // for adding the extracted day to the table.
    dvalue = cb3.getSelectedItem().toString();
    dvalue.getChars(start, end, buf, 0);System.out.println(buf);
    ddvalue = String.copyValueOf(buf);


    s.executeUpdate("insert into "+nameoftab+" (sname,"+"_"+ddvalue+"_"+") values (hello,"+cb3.getSelectedItem()+")");
}
catch(SQLException s)
{
    System.out.println("SQL statemnet is not executed!");
    System.out.println(s);
}

The error that I get after executing the query is :-

SQL statemnet is not executed! com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'hello' in 'field list'

-- EDIT-- Actually, my code was :

s.executeUpdate("insert into "+nameoftab+" (sname,"+""+ddvalue+""+") values ("+cb5.getSelectedItem()+","+cb3.getSelectedItem()+")"); 

When I insert the quotes like everyone said, what happens is that the term "cb5.getSelectedItem()" is being entered into the table. The case with "+cb3.getSelectedItem()+" is that, it just enteres some garbage value.

Answer 1

You need to quote the string hello in your query.

s.executeUpdate("insert into "+nameoftab+" (sname,"+"_"+ddvalue+"_"+") values ('hello',"+cb3.getSelectedItem()+")");

Answer 2

Try with single quotes around hello - e.g 'hello'

Answer 3

Try this

  s.executeUpdate("insert into "+nameoftab+" (sname,"+"_"+ddvalue+"_"+") values ('hello',"+cb3.getSelectedItem()+")");

Answer 4

you need to insert quotation marks around hello , this is how mysql came to know that the value is integer or string,
use either ' '

 s.executeUpdate("insert into "+nameoftab+" (sname,"+"_"+ddvalue+"_"+") values ('hello',"+cb3.getSelectedItem()+")"); 

or \" \" both do work

 s.executeUpdate("insert into "+nameoftab+" (sname,"+"_"+ddvalue+"_"+") values (\"hello\","+cb3.getSelectedItem()+")");

Answer 5

You might want to consider using PreparedStatement instead, so as not to have to deal with such quoting issues -- and you get protection from SQL injection attacks as an added benefit.

Answer 6

This is because you need to add quotes to strings. Please, try doing this:

>     s.executeUpdate("insert into "+nameoftab+" (sname,"+"_"+ddvalue+"_"+") values
> ('hello','"+cb3.getSelectedItem()+"')");

Note I added the char ' at the beginning and at the end of the string you are trying to insert.

Why SQL thinks your string was a column? Imagine how the string you send to sql is:

"insert into OneTable (Field1, Field2) values (Hello, George)"
Instead of (the correct one):

"insert into OneTable (Field1, Field2) values ('Hello', 'George')"