Create table in mysql table via JSP [closed]

I am creating a code in which a mysql table will be create which table's name will be provided by the user. The user will type individual data and the code will concatenate all the data and will separate all the data by "*" and create the table with the outputted name. But it is showing error that

OVS$5PKT Lenny$Dk Blue com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Blue (SlNo INTEGER, ProcessName VARCHAR(25), Water INTEGER, ChemicalName V...' at line 1

The code works fine if I input a single data in one single field and not concatenate it. But it throws error when the user input data in more than one field and concatenate that with the separator.

Here is the code -

<%@ page import = "java.sql.*"%>
<%
    java.lang.String createDate = request.getParameter("createDate");
    java.lang.String origin = request.getParameter("origin");
    java.lang.String factoryName = request.getParameter("factoryName");
    java.lang.String buyerName = request.getParameter("buyerName");
    java.lang.String styleNumber = request.getParameter("styleNumber");
    java.lang.String poNumber = request.getParameter("poNumber");
    java.lang.String colorName = request.getParameter("colorName");
    java.lang.String washType = request.getParameter("washType");

    String conHelper = buyerName + "$" + styleNumber + "$" + colorName;

    out.println(conHelper);

    String JDBC_DRIVER = "com.mysql.jdbc.Driver";
    String DB_USER = "root";
    String DB_PASS = "";

    int originLength = origin.length();
    
    try{

        if(originLength == 7){

            String DB_URL = "jdbc:mysql://localhost:3306/erp-pre-cost(in-house)";
            Connection conn = DriverManager.getConnection(DB_URL, DB_USER, DB_PASS);
            Statement stmt = conn.createStatement();

            String createTable = "CREATE TABLE IF NOT EXISTS " + conHelper +
                       " (SlNo INTEGER, " + 
                       " ProcessName VARCHAR(25), " + 
                       " Water INTEGER, " + 
                       " ChemicalName VARCHAR(50), " + 
                       " gL FLOAT, " + 
                       " Doages INTEGER, " + 
                       " UOM ENUM('Kg', 'gm'), " +
                       " MachineRPM INTEGER, " +  
                       " pH FLOAT, " + 
                       " Time INTEGER, " + 
                       " Remarks VARCHAR(30))";

             stmt.executeUpdate(createTable);
             out.println("Success!");

        }else if(originLength == 11){

            String DB_URL = "jdbc:mysql://localhost:3306/erp-pre-cost(sub-contract)";
            Connection conn = DriverManager.getConnection(DB_URL, DB_USER, DB_PASS);
            Statement stmt = conn.createStatement();

            String createTable = "CREATE TABLE IF NOT EXISTS " + conHelper +
                       " (SlNo INTEGER, " + 
                       " ProcessName VARCHAR(25), " + 
                       " Water INTEGER, " + 
                       " ChemicalName VARCHAR(50), " + 
                       " gL FLOAT, " + 
                       " Doages INTEGER, " + 
                       " UOM ENUM('Kg', 'gm'), " +
                       " MachineRPM INTEGER, " +  
                       " pH FLOAT, " + 
                       " Time INTEGER, " + 
                       " Remarks VARCHAR(30))";

             stmt.executeUpdate(createTable);
             out.println("Success!");

        }else{
            out.println("Failed!");
        }

    }catch(Exception e){
        out.println(e);
    }

%> 

Kindly help!


Solution 1:

If you have spaces in table name, you should surround table name with ` characters e.g.

CREATE TABLE IF NOT EXISTS `OVS$5PKT Lenny$Dk Blue`
    (SlNo INTEGER,
    /*...*/
    Remarks VARCHAR(30));