BenoitParis

Reputation: 3184

Use PreparedStatement to build a query

I was wondering if using PreparedStatement.setString() was a good idea (possible, sensible?) to dynamically build a query.

For example:

sql code:

SELECT * FROM table1 WHERE table1.category = ? ?

java code:

ps.setString(1,"category1");
ps.setString(2,"AND table1.category = 'category2'");

Also, would it be possible to do something like:

ps.setString(1,"category1");
ps.setString(2," AND table1.category = ?");
ps.setString(3,"category2");

Best regards

Upvotes: 2

Views: 344

Answers (2)

shazin

Reputation: 21883

Whatever you put inside setString will go within single quotes ' ' and will not be interpreted as a query.

Upvotes: 3

John Woo

Reputation: 263683

Unfortunately, NO.

PreparedStatements are strictly for values only. Table names and column names (as well as conditions in your example) are not allowed. So the best way to do it is to concatenate it with the string.

String others = " AND table1.category = ?";
String query = "SELECT * FROM table1 WHERE table1.category = ? " + others;

java code:

ps.setString(1,"category1");
ps.setString(2,"category2");

Upvotes: 9
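
The pattern both answers point to, as an added example that is not code from either answer: the query text is assembled only from fixed fragments and allowlisted column names, and every value goes through `setString()`. The class name `CategoryQuery`, its methods and the `owner` column are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class CategoryQuery {
    // Identifiers cannot be bound as parameters, so filterable columns are allowlisted.
    private static final Set<String> FILTERABLE = Set.of("category", "owner"); // "owner" is hypothetical

    private final StringBuilder sql = new StringBuilder("SELECT * FROM table1");
    private final List<String> params = new ArrayList<>();

    // Appends "table1.<column> = ?" from a fixed template; the value is only queued for binding.
    public CategoryQuery where(String column, String value) {
        if (!FILTERABLE.contains(column)) {
            throw new IllegalArgumentException("column not allowed: " + column);
        }
        sql.append(params.isEmpty() ? " WHERE " : " AND ")
           .append("table1.").append(column).append(" = ?");
        params.add(value);
        return this;
    }

    public String sql() { return sql.toString(); }
    public List<String> params() { return params; }

    // Binds values in the order their placeholders were appended (JDBC indexes start at 1).
    public PreparedStatement prepare(Connection conn) throws SQLException {
        PreparedStatement ps = conn.prepareStatement(sql.toString());
        for (int i = 0; i < params.size(); i++) {
            ps.setString(i + 1, params.get(i));
        }
        return ps;
    }

    public static void main(String[] args) {
        // Constructed sample input; the second value contains a quote on purpose.
        CategoryQuery q = new CategoryQuery()
            .where("category", "category1")
            .where("category", "it's category2");
        System.out.println(q.sql());    // two "?" placeholders, no value text in the SQL
        System.out.println(q.params()); // values travel separately and are bound by prepare()
    }
}
```

Running `main` needs no database; `prepare()` is what a caller would use with a real `Connection`.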
