'How to delete a record (string) JAVA and MYSQL

I successfully can delete an integer but when I tried to make it a STRING it says "unknown column itemtodelete in where clause but my ITEMTODELETE is a STRING declared in the database not an integer how much It doesn't delete a STRING?

below is my code:

 private void DeleteButtonActionPerformed(java.awt.event.ActionEvent evt) {                                            
        int del = (prompt):
        if (del == JOptionPane.YES_OPTION){
        DelCurRec();
        }

    }     


   public void DelCurRec() {

        String id = field.getText();
        String SQL = "DELETE FROM inventory WHERE ItemCode = "+id+" ";

        try {
           Class.forName(connectio);
       }  catch (Exception e) {
           JOptionPane.showMessageDialog(null,""+e.getMessage(),"JDBC Driver Error",JOptionPane.WARNING_MESSAGE);
       }

        Statement stmt = null;
        Connection con = null;

        //Creates connection to database
        try {
            con = DriverManager.getConnection("Connection");
            stmt = con.createStatement();
        } catch (Exception e) {
            JOptionPane.showMessageDialog(null,""+e.getMessage(),"Connection Error",JOptionPane.WARNING_MESSAGE);
        }

        //Execute the SQL statment for deleting records
        try {
            stmt.executeUpdate(SQL);
            //This closes the connection to the database
            con.close();
            //This closes the dialog
            JOptionPane.showMessageDialog(null,"Deleted Succesfully","Delete Successful",JOptionPane.WARNING_MESSAGE);
        } catch (Exception e) {
            JOptionPane.showMessageDialog(null,""+e.getMessage(),"Communication Error",JOptionPane.WARNING_MESSAGE);
        }
    }
java


Solution 1:[1]

Do NOT use a Statement use a PreparedStatement instead, otherwise your application will be vulnerable to SQL injections. E.g. someone enters a string like: "'; drop table inventory; --"

The corresponding prepared statment would look something like: 

String SQL = "DELETE FROM inventory WHERE ItemCode = ? ";
PreparedStatement pstmt = null;

// get a connection and then in your try catch for executing your delete...

pstmt = con.prepareStatement(SQL); 
pstmt.setString(1, id);
pstmt.executeUpdate();

Solution 2:[2]

I think you need to pass Integer.parseInt(id) and not id...assuming your id is int

Solution 3:[3]

This worked for me:

Statement stmt=con.createStatement();
 
stmt.executeUpdate("DELETE FROM student WHERE reg_number='R18854';");

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Emil H
Solution 2 Shashank Kadne
Solution 3 procrastinator

Related Questions