First, do not build the SQL by concatenating values into a string; that invites SQL injection and quoting bugs. Bind the values as parameters of a PreparedStatement instead.
Try something like this:
import java.sql.DriverManager;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
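/**
 * Decrements stock levels in the {@code inventory} table over one JDBC connection.
 *
 * <p>Every value that reaches the database is bound as a statement parameter, never
 * spliced into the SQL text, so the contents of {@code item} cannot change the shape
 * of the query.
 *
 * <p>The instance owns its connection; call {@link #close()} (or use
 * try-with-resources) when finished so the connection is released.
 */
public class UpdateInventory implements AutoCloseable
{
    // Only the connection is kept. The URL parts and the credentials are handed
    // straight to DriverManager and are not stored, so the password does not sit
    // in a field for the lifetime of this object.
    private final Connection connection;

    /**
     * Opens the connection used for all later updates.
     *
     * @param protocol JDBC URL prefix; concatenated with {@code dbName} to form the URL
     * @param dbName   database name appended to {@code protocol}
     * @param username database user
     * @param password database password
     * @throws SQLException if the connection cannot be established
     */
    public UpdateInventory(String protocol,
                           String dbName,
                           String username,
                           String password)
        throws SQLException
    {
        this.connection = DriverManager.getConnection(protocol + dbName,
                                                      username, password);
    }

    /**
     * Subtracts {@code quantity} from the stored quantity of {@code item}.
     *
     * @param item     value matched against the {@code item} column; must be non-empty
     * @param quantity amount to subtract; must be greater than zero
     * @return the row count reported by the driver (0 when no row matches {@code item})
     * @throws IllegalArgumentException if {@code item} is null or empty, or
     *                                  {@code quantity} is not positive
     * @throws SQLException             if the statement cannot be prepared or executed
     */
    public int update(String item, int quantity)
        throws SQLException
    {
        if (item == null || item.isEmpty())
        {
            throw new IllegalArgumentException("Item must be set");
        }
        if (quantity <= 0)
        {
            throw new IllegalArgumentException("Quantity must be greater than zero");
        }

        // NOTE(review): nothing here stops the stored quantity from going negative.
        // If that must not happen, enforce it in the schema or in the WHERE clause.

        // try-with-resources closes the statement on every path, including when
        // executeUpdate throws; otherwise each call leaks a statement handle.
        try (PreparedStatement updateInventory = this.connection.prepareStatement(
                "UPDATE inventory SET quantity = (quantity - ?) WHERE item = ?"))
        {
            updateInventory.setInt(1, quantity);
            updateInventory.setString(2, item);
            return updateInventory.executeUpdate();
        }
    }

    /**
     * Closes the underlying connection.
     *
     * @throws SQLException if the driver reports an error while closing
     */
    @Override
    public void close()
        throws SQLException
    {
        this.connection.close();
    }
}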