CODEWITHSUNDEEP
javasqljdbc
HOervald
HOervald

Reputation: 25

Fail to convert to internal representation JDBC

Ok so this is my code

public static ArrayList getMaterialerFraOrdreNr(String s_date, String e_date) throws SQLException, InterruptedException {
    int tal = 0;

    ArrayList nameOfColumns = getNameOfColumns();                     // name of columns
    ArrayList orderNumber = getOrdre_Nr_FromDB(s_date, e_date);           // order number 

    //første loop kører gennem number of columns
    //anden loop kører gennem name of column
    ResultSet rs = null;
    Connection con = null;

    try {
        Class.forName(DB.driver);
        con = DriverManager.getConnection(DB.URL, DB.ID, DB.PW);

        for (int i = 1; i < orderNumber.size(); i++) {
            for (int j = 1; j < nameOfColumns.size(); j++) {

                String nameOfColum = (String) nameOfColumns.get(i);
                int orderNr = (Integer) orderNumber.get(j);
                System.out.println("orderNr  " + orderNr);
                //SELECT v1001 FROM ORDRE_spec WHERE  ordre_nr = 1;
                String query = "SELECT ? AS ans FROM ordre_spec WHERE ordre_nr = ?";
                PreparedStatement prest = con.prepareStatement(query);

                prest.setString(1, nameOfColum);
                prest.setInt(2, orderNr);
                System.out.println("orderNr  "  + orderNr);
                System.out.println("nameOfColum  =   " + nameOfColum);
                rs = prest.executeQuery();
                if(rs.next()){


                    tal = rs.getInt("ans");

                    MaterialeNum.add(tal);
                    System.out.println("materiale num =    " + MaterialeNum);

                }
            }

        }

    } catch (ClassNotFoundException | SQLException ee) {
        System.out.println("fail og der er så her");
        System.err.println(ee);
    } finally {

        con.close();
    }
    System.out.println(kundeNum.toString());
    return kundeNum;

}

public static void main(String[] args) throws SQLException, InterruptedException {

    NewClass.getMaterialerFraOrdreNr("1990-10-10", "2020-10-10");

}

And my problem is that I'm getting a java.sql.SQLException: Fail to convert to internal representation

I really cant see what the error should be.. plz help if you can see the error :)

Upvotes: 1

Views: 6500

Answers (1)

BalusC
BalusC

Reputation: 1109262

String query = "SELECT ? AS ans FROM ordre_spec WHERE ordre_nr = ?";

You cannot parameterize column names. You can only parameterize column values.

Basically you need to do:

String query = "SELECT " + nameOfColum + " AS ans FROM ordre_spec WHERE ordre_nr = ?";

Keep in mind that this is prone to SQL injection if nameOfColum is controllable by enduser. If this is indeed the case, you may want to perform string matching on e.g. \w+ before continuing.

Upvotes: 5

Related Questions