Discussion: PreparedStatement parameters question
I have a table like this:
CREATE TABLE foo ( number INT, name VARCHAR(100), email VARCHAR(100));
and I am trying to do this with a prepared statement:
PreparedStatement st = db.prepareStatement("UPDATE foo SET ? = '?' " +
"WHERE number = ?");
Whenever I use this I get a "Parameter index out of range" error.
I am assuming that what this means is that I can't use a ? as a column
name, but it can only be used as a parameter. Am I correct in this?
The main reason I want to use PreparedStatement in this case is for
safety. Should I basically do it like this:
PreparedStatement st = db.prepareStatement("UPDATE foo SET " + colname
+ "= '?' WHERE number = ?");
Is that the only way to do this?
Thanks
On 20 Oct 2001 22:34:05 -0000, you wrote:
>PreparedStatement st = db.prepareStatement("UPDATE foo SET ? = '?' " +
> "WHERE number = ?");
>
>Whenever I use this I get a "Parameter index out of range" error.
>
>I am assuming that what this means is that I can't use a ? as a column
>name, but it can only be used as a parameter. Am I correct in this?
You can only use ? parameters to supply values, not table names,
column names or syntactical elements of SQL.
>Should I basically do it like this:
>
>PreparedStatement st = db.prepareStatement("UPDATE foo SET " + colname
> + "= '?' WHERE number = ?");
>
>Is that the only way to do this?
Yes. I don't think you need the single quotes though.
Regards,
René Pijlman <rene@lab.applinet.nl>
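
The approach discussed in this thread, as an added example that is not part of either message: since ? can only carry values, the concatenated column name is checked against a fixed allowlist before it reaches the SQL text, and the placeholders are left unquoted. The class name FooUpdater, the UPDATABLE set and the method names are assumptions made for illustration; the table and column names are the ones from the question.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Set;

public class FooUpdater {
    // Assumption: only these columns of table foo may be updated by callers.
    private static final Set<String> UPDATABLE = Set.of("name", "email");

    // Build the statement text. The column name is the only concatenated
    // part, and it must match an allowlist entry exactly.
    static String updateSql(String colname) {
        if (colname == null || !UPDATABLE.contains(colname)) {
            throw new IllegalArgumentException("column not allowed: " + colname);
        }
        // Bare placeholders: a quoted '?' is a string literal, not a
        // parameter, so the driver would count fewer parameters than expected.
        return "UPDATE foo SET " + colname + " = ? WHERE number = ?";
    }

    // Values are always bound, never concatenated.
    static int update(Connection db, String colname, String value, int number)
            throws SQLException {
        try (PreparedStatement st = db.prepareStatement(updateSql(colname))) {
            st.setString(1, value);
            st.setInt(2, number);
            return st.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // Runs without a database: shows the generated SQL and the rejection
        // of a column name that is not on the allowlist.
        System.out.println(updateSql("email"));
        try {
            updateSql("number = 0, name"); // constructed untrusted input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```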