Is there a way, in JDBC, to execute a generic query? I mean run something like execute(String strSql) where strSql could be a SELECT, an INSERT, an UPDATE, a CREATE, ... or whatever.

If not, how would you fix this up?

Proposed solution:

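@Override
public void execQuery(String Query) throws SQLException {
    // Statement.execute() accepts any kind of SQL statement.
    this.statement = this.connection.createStatement();
    // It returns true only when the first result is a ResultSet (e.g. a SELECT).
    if (this.statement.execute(Query)) {
        this.resultset = this.statement.getResultSet();
    }
}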
A: 

Note that your proposed solution is susceptible to a SQL injection attack. Use java.sql.PreparedStatement instead, as described in Using Prepared Statements.

trashgod
Hi, trashgod, thanks for formatting my code! Then, the app I'm developing executes user's SQL so SQL injection isn't a problem at all ;)
Miloud B.
Users like these? http://xkcd.com/327/ :-)
trashgod
Excellent ahahaha :p
Miloud B.
Btw, my app is targeted to developers, it allows running queries on a database, that's why SQL injection isn't an issue :)
Miloud B.
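An added example (not from the original post or its answer): a generic executor built on Statement.execute() that walks every result set and update count, next to a PreparedStatement for the case the answer warns about, where a value rather than the whole statement comes from outside. The class name, the demo_users table and the JDBC URL passed as the first argument are assumptions; a JDBC driver must be on the classpath.

```java
import java.sql.*;

public class GenericExec {
    // Runs one operator-supplied statement of any kind (SELECT, INSERT, CREATE, ...).
    // The whole SQL text is trusted by design; never assemble it from untrusted values.
    static void run(Connection con, String sql) throws SQLException {
        try (Statement st = con.createStatement()) {
            boolean isResultSet = st.execute(sql);
            while (true) {
                if (isResultSet) {
                    try (ResultSet rs = st.getResultSet()) {
                        int cols = rs.getMetaData().getColumnCount();
                        while (rs.next()) {
                            StringBuilder row = new StringBuilder();
                            for (int i = 1; i <= cols; i++) {
                                row.append(i > 1 ? " | " : "").append(rs.getString(i));
                            }
                            System.out.println(row);
                        }
                    }
                } else {
                    int count = st.getUpdateCount();
                    if (count == -1) break; // neither a result set nor a count: done
                    System.out.println(count + " row(s) affected");
                }
                isResultSet = st.getMoreResults();
            }
        } // try-with-resources closes the Statement, so nothing leaks per call
    }

    // When only a value comes from outside, bind it instead of concatenating it.
    static int countByName(Connection con, String name) throws SQLException {
        String sql = "SELECT COUNT(*) FROM demo_users WHERE name = ?"; // hypothetical table
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        try (Connection con = DriverManager.getConnection(args[0])) { // JDBC URL (assumption)
            run(con, "CREATE TABLE demo_users (name VARCHAR(64))");
            run(con, "INSERT INTO demo_users VALUES ('alice')");
            run(con, "SELECT * FROM demo_users");
            // Constructed input with quote characters: bound as data, not parsed as SQL.
            System.out.println(countByName(con, "x' OR '1'='1"));
        }
    }
}
```

For a tool that runs developers' SQL verbatim, the effective control is the privilege of the database account behind the Connection, since run() executes whatever it is given.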