tags:

views:

72

answers:

5

I am getting an error when I try to use the following; why is that?

ResultSet findByUsername(String tablename,String field,String value)
{ 
    pStmt = cn.prepareStatement("SELECT * FROM" + tablename +" WHERE ? = ? ");

    pStmt.setString(1,field);
    pStmt.setString(2,value);
    return(pStmt.executeQuery());

}

I also tried the following, but it is not working either:

ResultSet findByUsername(String tablename,String field,String value)
{ 
    String sqlQueryString = " SELECT * FROM " + tablename +" WHERE " + field + "= ? ")     
     pStmt =cn.prepareStatement(sqlQuery);
    pStmt.setString(1, value);
    return(pStmt.executeQuery());

}
+3  A: 

You have:

pStmt = cn.prepareStatement("SELECT * FROM" + tablename +" WHERE ? = ? ");
pStmt.setString(1, tablename);
pStmt.setString(2,field);
pStmt.setString(3,value);

Two ?, but attempting to set three parameters.

In fact, you can't set things like names of tables and columns through prepared statement parameters.

You will also need to spell your variable names consistently and do something about the checked exceptions.

(When asking questions about code that causes errors, it's generally a good idea to quote the errors.)

Tom Hawtin - tackline
A: 

When using PreparedStatements you are only able to substitute in values, not the names of tables as you've attempted to do with " WHERE ? = ?".

Regarding your second code snippet, apart from the spelling mistake ("filed") I can't see why this would fail. What error are you getting?

Adamski
Not assigned the pStmt variable. The statement `cn.prepareStatement(sqlQuery);` should be `pStmt = cn.prepareStatement(sqlQuery);`
RaviG
ERROR in findbyid You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= 1' at line 1
null
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= 1' at line 1
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
akshay
A: 

In the first one you have 2 parameters in the query but you are adding a third; in the second statement you have a typo...

ResultSet findByUsername(String tablename, String field, String value) throws SQLException
{ 
    // Note the space after FROM; only the value is a bind parameter
    pStmt = cn.prepareStatement("SELECT * FROM " + tablename + " WHERE " + field + " = ?");
    pStmt.setString(1, value);
    return pStmt.executeQuery();
}
npinti
I don't think `"field"` should be a string literal - `field` is passed as a parameter.
Ash
changed it. thanks.
npinti
A: 

Hi, on the second one try with single quotes on the string value.

String sqlQueryString = " SELECT * FROM " + tablename + " WHERE " + field + " = ? ";

Use single quotes when comparing string values. Give a space between the field and the equals sign.

Thanks

prashant
+1  A: 

I see two problems here:

  1. "+ tablename +" should be replaced with ?
  2. WHERE ?=? is totally wrong because of the concept of prepared statements. Prepared statements are precompiled statements, referring to the same table(s) and column(s) with different values under criteria (bound values). You cannot bind a table or column name (or any other db object).
folone
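Since table and column names cannot be bound, the only safe way to take them from a caller is to check them against a fixed allowlist before concatenating, and bind just the value. The following is an added example, not code from any of the posters; the table and column names in the allowlist are made up.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Map;
import java.util.Set;

public class SafeLookup {
    // Hypothetical schema: which columns may be searched in which table.
    // Identifiers cannot be bind parameters, so anything concatenated into
    // the SQL text must come from this fixed list, never straight from input.
    private static final Map<String, Set<String>> ALLOWED = Map.of(
        "users",    Set.of("username", "email"),
        "accounts", Set.of("account_no"));

    private final Connection cn;

    SafeLookup(Connection cn) {
        this.cn = cn;
    }

    // Rejects any table/column pair that is not in the allowlist.
    static void checkIdentifiers(String tablename, String field) {
        Set<String> columns = ALLOWED.get(tablename);
        if (columns == null || !columns.contains(field)) {
            throw new IllegalArgumentException(
                "unknown table/column: " + tablename + "." + field);
        }
    }

    ResultSet findBy(String tablename, String field, String value) throws SQLException {
        checkIdentifiers(tablename, field);
        // Spaces around FROM and WHERE matter; "FROM" + tablename yields "FROMusers".
        String sql = "SELECT * FROM " + tablename + " WHERE " + field + " = ?";
        PreparedStatement pStmt = cn.prepareStatement(sql);
        // The value is the only bind parameter: no quotes, no escaping by hand,
        // the driver sends it separately from the SQL text.
        pStmt.setString(1, value);
        // The caller owns the ResultSet and must close it (closing the
        // PreparedStatement closes the ResultSet too).
        return pStmt.executeQuery();
    }
}
```

With the allowlist in place, a field like `username = '' OR 1=1 --` is rejected before any SQL is built, while the value is sent as data regardless of what it contains.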