Re: Can't use a variable for a column name?

Chris wrote:
> A user enters a name into a textfield and clicks on a "Find"
> button.  Depending on which text field the user entered the
> data, the appropriate column name in the table is used for
> fieldName and the entered text is passName.  However, the
> fieldName doesn't return anything.  But if I replace
> fieldName with the column name ("WHERE first_name='"), the
> program returns values.  Can't we use variables for column
> names or do I have to just put it all in an if/else statement?
>
> Here is my code:
>
>               result = fe.executeQuery("SELECT first_name, last_name, emp_nbr, emp_type_code, emp_status_code, emp_work_center " +
>                                             "FROM employee " +
>                                             "WHERE '"+fieldName+"'='"+passName+"'");

I'm not 100% certain if I understood you right, but if I did,
the statement should look like this:

result = fe.executeQuery("SELECT first_name, last_name, emp_nbr, emp_type_code, emp_status_code, emp_work_center " +
                        "FROM employee " +
                        "WHERE "+fieldName+"='"+passName+"'");

Also, be aware that this is wide open to SQL injection, unless you
double single quotes in fieldName and passName first.

Yours,
Laurenz Albe