Adding a variable into a sql statement in Java

Question

I am trying to write a sql statement in java that uses a string variable in the where clause. I have tries multiple ways to do this but it keep telling me that I am not using the proper syntax. Can someone please tell me the right way to do this? The variable in this query is par_id.

String sql2 = "SELECT * FROM Tennis1294966077108.container_tbl WHERE parent_id =+"'par_id'"+ORDER BY creation_time asc";

objects · Accepted Answer · 2011-03-21 04:55:20Z

11

Use a PreparedStatement

PreparedStatement ps = connection.prepareStatement("SELECT * FROM Tennis1294966077108.container_tbl WHERE parent_id = ? ORDER BY creation_time asc");
ps.setObject(1, par_id);

answered Mar 21, 2011 at 4:55

objects

8,6874 gold badges33 silver badges38 bronze badges

Sign up to request clarification or add additional context in comments.

4 Comments

Big_A Over a year ago

Hey Suresh,Im still getting a null pointer exception with that.

Big_A Over a year ago

the line of this prepared statement

objects Over a year ago

make sure you have created the connection

Big_A Over a year ago

Ok so I got it figured out. This line does work. The problem was where I had each query closing. I have multiple queries in the application so the close statement ended up in the wrong place...noob mistake...Thank you very much for all the help! =)

Akki · Accepted Answer · 2013-01-25 07:30:56Z

1

String sql2 = "SELECT * FROM Tennis1294966077108.container_tbl WHERE parent_id='"+par_id+"'
ORDER BY creation_time asc";

answered Jan 25, 2013 at 7:30

Akki

1,2513 gold badges15 silver badges35 bronze badges

2 Comments

Andreas Fester Over a year ago

Dont use string concatenation when passing data to a SQL statement. This is vulnerable for SQL injections.

Akki Over a year ago

Ok. Thanks for informing!

Hendrik Brummermann · Accepted Answer · 2011-03-21 07:30:24Z

0

PreparedStatement ps = connection.prepareStatement(
    "SELECT * FROM Tennis1294966077108.container_tbl " +
    "WHERE parent_id = ? ORDER BY creation_time asc");
ps.setInt(1, par_id);

edited Mar 21, 2011 at 7:30

Hendrik Brummermann

8,3403 gold badges34 silver badges55 bronze badges

answered Mar 21, 2011 at 6:39

developer

9,54830 gold badges95 silver badges155 bronze badges

Comments

James Anderson · Accepted Answer · 2011-03-21 04:52:15Z

-1

Try:

"SELECT * FROM Tennis1294966077108.container_tbl WHERE parent_id = '" 
+ par_id 
+ "' ORDER BY creation_time asc";

answered Mar 21, 2011 at 4:52

James Anderson

27.5k7 gold badges55 silver badges81 bronze badges

Collectives™ on Stack Overflow

Adding a variable into a sql statement in Java

4 Answers 4

4 Comments

2 Comments

Comments

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

4 Answers 4

4 Comments

2 Comments

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Related