I have a table like this:
CREATE TABLE foo { number INT, name VARCHAR(100), email VARCHAR(100));
and I am trying to do this with a prepared statement:
PreparedStatement st = db.prepareStatement("UPDATE foo SET ? = '?' " +
"WHERE number = ?");
Whenever I use this I get a "Parameter index out of range" error.
I am assuming that what this means is that I can't use a ? as a column
name, but it can only be used as a parameter. Am I correct in this?
The main reason I want to use PreparedStatement in this case is for
safety. Should I basically do it like this:
PreparedStatement st = db.prepareStatement("UPDATE foo SET " + colname
+ "= '?' WHERE number = ?");
Is that the only way to do this?
Thanks