Discussion: PreparedStatement parameters question
I have a table like this:

CREATE TABLE foo ( number INT, name VARCHAR(100), email VARCHAR(100));

and I am trying to do this with a prepared statement:

PreparedStatement st = db.prepareStatement("UPDATE foo SET ? = '?' " +
        "WHERE number = ?");

Whenever I use this I get a "Parameter index out of range" error.

I am assuming that what this means is that I can't use a ? as a column
name, but it can only be used as a parameter. Am I correct in this?

The main reason I want to use PreparedStatement in this case is for safety.

Should I basically do it like this:

PreparedStatement st = db.prepareStatement("UPDATE foo SET " + colname
        + "= '?' WHERE number = ?");

Is that the only way to do this?

Thanks

On 20 Oct 2001 22:34:05 -0000, you wrote:
>PreparedStatement st = db.prepareStatement("UPDATE foo SET ? = '?' " +
>        "WHERE number = ?");
>
>Whenever I use this I get a "Parameter index out of range" error.
>
>I am assuming that what this means is that I can't use a ? as a column
>name, but it can only be used as a parameter. Am I correct in this?

You can only use ? parameters to supply values, not table names, column
names or syntactical elements of SQL.

>Should I basically do it like this:
>
>PreparedStatement st = db.prepareStatement("UPDATE foo SET " + colname
>        + "= '?' WHERE number = ?");
>
>Is that the only way to do this?

Yes. I don't think you need the single quotes though.

Regards,
René Pijlman <rene@lab.applinet.nl>
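
Added example, not part of the original thread: because a column name cannot be bound as a ? parameter and has to be concatenated into the statement text, this Java class checks it against a fixed allowlist first and still binds the values as parameters. The class name FooUpdater, the method names and the choice of which columns may be updated are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Set;

public class FooUpdater {
    // Columns of table foo (from the thread) that callers may update.
    // Which columns to permit is an assumption of this example.
    private static final Set<String> UPDATABLE_COLUMNS = Set.of("name", "email");

    // Builds the UPDATE text. The column name cannot be a ? parameter, so it is
    // concatenated, but only after an exact match against the fixed allowlist.
    static String buildUpdateSql(String column) {
        if (column == null || !UPDATABLE_COLUMNS.contains(column)) {
            throw new IllegalArgumentException("column not updatable: " + column);
        }
        // Placeholders are unquoted: a quoted '?' is a string literal,
        // not a parameter marker.
        return "UPDATE foo SET " + column + " = ? WHERE number = ?";
    }

    // Values are bound as parameters, so they never become part of the SQL text.
    static int updateColumn(Connection db, String column, String value, int number)
            throws SQLException {
        try (PreparedStatement st = db.prepareStatement(buildUpdateSql(column))) {
            st.setString(1, value);
            st.setInt(2, number);
            return st.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: an allowed column, a real but non-updatable
        // column, and a string that is not a plain column name.
        String[] samples = { "email", "number", "name = 'x', email" };
        for (String column : samples) {
            try {
                System.out.println(buildUpdateSql(column));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Running main needs no database: it prints the statement text for the allowed column and a rejection for the other two inputs.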