I’m trying to insert values into a SQL database from within Java. This works

Question

0

Asked: May 26, 20262026-05-26T22:42:13+00:00 2026-05-26T22:42:13+00:00

I’m trying to insert values into a SQL database from within Java. This works

0

I’m trying to insert values into a SQL database from within Java. This works fine, except for some of the values. Eg, when I insert “foo” it appends null at the start so it becomes “nullfoo”. If I insert the same statement in SQL Server Management Studio this doesn’t happen.

To be sure: I print the string before inserting it and it reads “foo”.

My insert code:

statement.execute("INSERT INTO " + settings.getProperty("table") + " VALUES ('" + value1+ "', '" + value2 + "', '" + value3 + "')");

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-26T22:42:14+00:00

You’re concatenating values into the SQL statement. If any of those references (value1, value2 etc) are null, then those will be converted into the string “null” as part of concatenation.

The correct fix for this is not to change the way you’re doing validation – it’s to stop putting the values into the SQL statement itself. Use PreparedStatement with parameterized SQL and set parameter values instead.

Benefits:

You won’t get “null” inserted any more
You won’t be vulnerable to SQL injection attacks any more (you are now)
When inserting non-text data you won’t need to worry about problematic conversions (this is particularly relevant for date/time fields)
Your code will be clearer, as you’ll be separating the code (SQL) from the data (parameter values)
Your prepared statement query plan can be cached by the server, so it may perform faster

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m trying to insert values into a SQL database from within Java. This works

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply