Unknown column '' in 'where clause' while using variable for SET value

String SQL_UPDATE = "UPDATE `club_juvenil` SET "+SET_MySQL+" = "+nuevo_valor.getText().toString()+" WHERE dni_competidor = "+wher_combo.getSelectedItem().toString()+" ";

Hi. I'm trying to update a table on MySQL using Java, but I get the error Unknown column '(value from wher_combo)' in 'where clause'. I'm trying to use a variable in the SET value to switch from one column to another (which is the main reason I decided to do it this way), but then the WHERE seems to be reading the wher_combo value as a column, which obviously leads to an error because that column doesn't exist in the table.

2


1
user3088799 On BEST ANSWER

It looks like you forgot the quotes. Can you try it like this:

" WHERE dni_competidor = '"+wher_combo.getSelectedItem().toString()+"' ";
4
F0X On

Assuming that SET_MySQL is a valid column in that table, then the statement should work with quoted strings, as user3088799 already answered.

Please note however that appending unknown data directly to the SQL query string like this is highly dangerous and should never be done. You can read about prepared statements here, which provide a safe way of passing arbitrary data as parameters.

See also How does the SQL injection from the “Bobby Tables” XKCD comic work? and Java - escape string to prevent SQL injection
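
The prepared-statement approach applied to the query from the question, as an added example that is not part of either answer. The column names in the allowlist are assumptions (the question does not list the table's columns); a column name cannot be bound as a `?` parameter, so the variable SET column is validated against a fixed set instead.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Set;

public class ClubJuvenilUpdate {
    // Hypothetical column names: the question does not list the table's columns.
    private static final Set<String> UPDATABLE_COLUMNS =
            Set.of("nombre", "apellido", "categoria");

    // Identifiers cannot be "?" parameters, so the column chosen at runtime
    // is checked against the allowlist before it is placed in the SQL text.
    static String buildUpdateSql(String column) {
        if (!UPDATABLE_COLUMNS.contains(column)) {
            throw new IllegalArgumentException("Column not allowed: " + column);
        }
        return "UPDATE `club_juvenil` SET `" + column
                + "` = ? WHERE dni_competidor = ?";
    }

    // The new value and the DNI are sent as bound parameters, so they are
    // never parsed as SQL: no manual quoting and no "Unknown column" error.
    static int updateColumn(Connection conn, String column,
                            String newValue, String dni) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(buildUpdateSql(column))) {
            ps.setString(1, newValue);
            ps.setString(2, dni);
            return ps.executeUpdate(); // number of rows changed
        }
    }

    public static void main(String[] args) {
        // Runs without a database: shows the SQL text and the allowlist check.
        System.out.println(buildUpdateSql("nombre"));
        try {
            buildUpdateSql("nombre; --"); // constructed invalid column name
        } catch (IllegalArgumentException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```

In the Swing code from the question, `updateColumn` would be called with `SET_MySQL`, `nuevo_valor.getText()` and `wher_combo.getSelectedItem().toString()` as its last three arguments.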