Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
858 views
in Technique[技术] by (71.8m points)

java - Escaping single quotes in table SQL queries

Using java.sql.Preparedstatement implies the escaping of characters will be done while parsing the queries, this does happen also when I have single quotes in my data but when I have single quotes in my table name itself the query does not work (I am using Oracle 11g).

Here's my code:

Class.forName("oracle.jdbc.OracleDriver");
con = DriverManager.getConnection(
    "jdbc:oracle:thin:client/adept@ind-db-02:1521:ind02");

PreparedStatement preparedStatement = con.prepareStatement(
    "SELECT * FROM (?) where rownum=1");

preparedStatement.setString(1,"CLIENT."SR'tab"");
ResultSet rs3=preparedStatement.executeQuery();

Is there any way of escaping single quotes from the table name using a prepared statement?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

PreparedStatement placeholders are not intended for table names nor column names, they are only intended for actual column values. In other words, you are actually misusing PreparedStatement.

See also


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...