I urgently need to build a dynamic query builder using a prepared statement. How can a dynamic select query having multiple parameters be built? For example: select * from xyz where a=? AND|OR b=? AND|OR c=? where the occurrence of a, b, c can be known only at runtime from the user's selection of parameters to the query builder. Also, the parameter types could vary, such as String, int or a double, and the clauses AND or OR can occur in between the parameters. Any help would be highly appreciated. Thanks in advance.
Using PreparedStatements can be safer, though. Consider the case where you're substituting in values typed by the user on a webpage (or somewhere else). If they type "Jim's Bar and Grill", you have to make sure you escape the ' character if you try to just build the SQL string dynamically. But if you use a PreparedStatement and set the parameters, this is done for you.
James Carman, President, Carman Consulting, Inc.
I was just asking the reason, nothing else. If you can do it with Statement then you can also go with PreparedStatement. PreparedStatement is better.
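One way to build the query asked about at the top of the thread, added here as an example and not code posted by anyone in it: values are bound with `setObject`, while column names and AND/OR, which JDBC cannot bind as parameters, are checked against fixed allow-lists. The class name `DynamicQuery`, its methods and the allow-listed columns are assumptions; the table `xyz` and columns `a`, `b`, `c` come from the question.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

/** Added example: builds "SELECT * FROM xyz WHERE a = ? AND|OR b = ? ..." at runtime. */
public class DynamicQuery {
    // Column names and AND/OR cannot be bound as parameters, so both are
    // checked against fixed allow-lists (assumed schema: columns a, b, c).
    private static final Set<String> COLUMNS = Set.of("a", "b", "c");
    private static final Set<String> CONNECTORS = Set.of("AND", "OR");
    private final StringBuilder where = new StringBuilder();
    private final List<Object> values = new ArrayList<>();

    /** Adds one condition; the connector is ignored for the first condition. */
    public DynamicQuery add(String connector, String column, Object value) {
        if (column == null || !COLUMNS.contains(column))
            throw new IllegalArgumentException("unknown column: " + column);
        if (!values.isEmpty()) {
            if (connector == null || !CONNECTORS.contains(connector))
                throw new IllegalArgumentException("unknown connector: " + connector);
            where.append(' ').append(connector).append(' ');
        }
        where.append(column).append(" = ?");
        values.add(value);
        return this;
    }

    public String sql() {
        return values.isEmpty() ? "SELECT * FROM xyz" : "SELECT * FROM xyz WHERE " + where;
    }

    /** Binds values in order; setObject handles String, Integer and Double. */
    public PreparedStatement prepare(Connection con) throws SQLException {
        PreparedStatement ps = con.prepareStatement(sql());
        for (int i = 0; i < values.size(); i++)
            ps.setObject(i + 1, values.get(i)); // JDBC indexes start at 1
        return ps;
    }

    public static void main(String[] args) {
        // Constructed sample input: the quote in the value needs no escaping.
        DynamicQuery q = new DynamicQuery()
            .add(null, "a", "Jim's Bar and Grill").add("OR", "c", 42);
        System.out.println(q.sql());
    }
}
```

SQL evaluates AND before OR, so mixed connectors need explicit grouping if the user's intended order differs. A null value needs an `IS NULL` branch rather than a bound parameter, since `a = ?` never matches NULL.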