Mohit Bansal

Reputation: 1553

SQL Prepared Statement to Create Table

I wanted to know of some way to create a table on the fly based on user input (SQL Prepared Statement).

CREATE TABLE ? (
  First_Name char(50),
  Last_Name char(50)
)

What should I put in place of the question mark?

Upvotes: 10

Views: 5817

Answers (2)

Pascal Thivent

Reputation: 570385

PreparedStatement placeholders are not intended for table names or column names; they are only intended for actual column values.

So you would have to create the (prepared) statement string dynamically, which means your application will be vulnerable to SQL injection. Depending on how the application is supposed to be used, and by whom, this could be a BIG problem.

Related question

Upvotes: 15

sleske

Reputation: 83599

As the other answers point out, you cannot use a prepared statement in this case, as replacement of table names is not supported in most DBMSs.

However, I'd like to point out that choosing a table name based on user input seems like a bad idea. How do you prevent duplicates, or invalid names?

Why does the table name matter?

Upvotes: 2
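
The points raised in both answers (placeholders do not work for table names, and a user-chosen name must be checked for validity and duplicates before it is concatenated into the statement), as an added example that is not part of the original posts. Python's built-in sqlite3 module stands in for the JDBC driver; the name policy (regex, 30-character limit, lower-casing), the function names and the sample inputs are assumptions made for this illustration.

```python
import re
import sqlite3

# Assumed policy: a letter first, then letters, digits or underscores, 30 chars max.
_IDENT = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,29}")


def placeholder_is_rejected(conn):
    """True if the driver refuses a bind parameter in the table-name position."""
    try:
        conn.execute("CREATE TABLE ? (First_Name char(50), Last_Name char(50))", ("people",))
    except sqlite3.Error:
        return True
    return False


def create_person_table(conn, requested_name):
    """Create the question's two-column table under a validated, quoted name."""
    if not _IDENT.fullmatch(requested_name):
        raise ValueError("invalid table name")
    name = requested_name.lower()
    # Duplicate check: here the name is a value, so it can be bound normally.
    exists = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND lower(name) = ?", (name,)
    ).fetchone()
    if exists:
        raise ValueError("table already exists")
    # Only a validated identifier is concatenated, and it is double-quoted so a
    # name that collides with a keyword is still parsed as an identifier.
    conn.execute(f'CREATE TABLE "{name}" (First_Name char(50), Last_Name char(50))')
    return name


def demo():
    conn = sqlite3.connect(":memory:")
    results = {"placeholder_rejected": placeholder_is_rejected(conn)}
    # Constructed sample inputs, not taken from the page.
    for candidate in ["Customers", "customers", "x (a); DROP TABLE customers; --", "select", ""]:
        try:
            results[candidate] = create_person_table(conn, candidate)
        except ValueError as exc:
            results[candidate] = str(exc)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(repr(key), "->", value)
```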
