SQLSyntaxErrorException: Column 'TEST' is either not in any table in the FROM list or appears within a join specification

Question

I'm trying to insert some values into my table which is created of executing this query

public static final String tableName = "ACCOUNT_TABLE"; 

statement.executeUpdate("CREATE TABLE "+ tableName +" (" +
   " ID INTEGER NOT NULL PRIMARY KEY GENERATED ALWAYS AS IDENTITY ("+
   " START WITH 1, INCREMENT BY 1), username VARCHAR(15), password VARCHAR(100)" + ")");

after that when table were created successfully, I'm calling register method to insert user into table

public boolean registerAccount(final User user){
    if (statement != null){
        final String userName = user.getUserName();
        final String password = user.getPassword();
        try {
            return statement.execute("INSERT INTO "+tableName +" VALUES (" + userName +"," + password +")");
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
    return false;
}

at this example userName == "TEST" and password == "123"

here return statement.execute("INSERT INTO "+tableName+" VALUES (" + userName +"," + password +")"); throws exception

java.sql.SQLSyntaxErrorException: Column 'TEST' is either not in any table in the FROM list or appears within a join specification and is outside the scope of the join specification or appears in a HAVING clause and is not in the GROUP BY list. If this is a CREATE or ALTER TABLE  statement then 'TEST' is not a column in the target table.
at org.apache.derby.impl.jdbc.SQLExceptionFactory40.getSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.TransactionResourceImpl.wrapInSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.TransactionResourceImpl.handleException(Unknown Source)
at org.apache.derby.impl.jdbc.EmbedConnection.handleException(Unknown Source)
at org.apache.derby.impl.jdbc.ConnectionChild.handleException(Unknown Source)
at org.apache.derby.impl.jdbc.EmbedStatement.execute(Unknown Source)
at org.apache.derby.impl.jdbc.EmbedStatement.execute(Unknown Source)

Answer 1

1. Strings should be between two 'username' so your query should look like this statement.execute("INSERT INTO "+tableName +" VALUES ('" + userName +"','" + password +"')");

2. But this is not secure, to avoid any Syntax error or SQL Inject, you have to use PreparedStatement instead.

3. about this error java.sql.SQLSyntaxErrorException this happen because you don't specify which columns you want to insert in your query, so it should look like this :

    INSERT INTO tableName(username_col, password_col) VALUES ('userName', 'password')
    //-----------------------^-------------^----------------------^-----------^