• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

jdbc

 
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi

i urgently need to build a dynamic query builder using prepared statement
how an a dynamic select query having multiple parameters can be built?
For. e.g. select * from xyz where a=? AND|OR b=? AND|OR c=? where occurence of a,b,c can be known only at runtime from user selection of parameters to the query builder also the parameter types also could vary such as String, int or a double? also clauses AND or OR can occur in between the parameters. Any Help would be highly appreciated.
thanks in advance.

Chandrashekhar
 
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Why using PreparedStatement is a must?
 
author & internet detective
Posts: 41860
908
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I don't see this being easier with a Statement over a PreparedStatement. And a PreparedStatement caches the execution plans for when the dynamic SQL happens to be ths same.

Building a statement or prepared statement is just a matter of logic (in java) to assemble the pieces separated with AND/OR. I'm not sure I understand the question.
 
Ranch Hand
Posts: 580
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Using PreparedStatements can be safer, though. Consider the case where you're substituting in values typed from the user on a webpage (or somewhere else). If they "Jim's Bar and Grill", you have to make sure you escape the ' character if you try to just build the SQL string dynamically. But, if you use a PreparedStatement and set the parameters, this is done for you.
 
Adeel Ansari
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I was just asking the reason, nothing else.
If you can do it with Statement then you can also go with PreparedStatement. PreparedStatement is better.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic