java - Prepared statement execute query error (com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException) -
i have written simple method string out of database:
public string getuserstring(int id, string table, string column) { string output = null; try { string sql = "select ? ? id=?;"; preparedstatement preparedstatement = getconnection().preparestatement(sql); preparedstatement.setstring(1, column); preparedstatement.setstring(2, table); preparedstatement.setint(3, id); resultset resultset = preparedstatement.executequery(); while (resultset.next()) { output = resultset.getstring(column); } } catch (sqlexception e) { e.printstacktrace(); } return output; } but when try use this: coremysql.getuserstring(1, "economy", "balance");
i error: https://pastebin.com/bmamn4xh
you can't set table name , column names setxxx method(s) preparedstatement. can used set values.
however, can simple string replace substitute table names , column names, e.g.:
string query = select <column> <table> id=?; string sql = query.replaceall("<column>", column).replaceall("<table>", table); preparedstatement preparedstatement = getconnection().preparestatement(sql); preparedstatement.setint(1, id); resultset resultset = preparedstatement.executequery(); while (resultset.next()) { output = resultset.getstring(column); } 
Comments
Post a Comment