How to escape this JDBC string when right side is a little complicated?

Dave Alvarado
Ranch Hand

Joined: Jul 02, 2008
Posts: 436
Hi,

I'm using Java 1.6 with Oracle 10.2. Right now, I build my SQL statement like this ...



Obviously, this is less than optimal because it allows for SQL injection. Is there a way I can rewrite the above to take advantage of PreparedStatements? Thanks, - Dave
Mykhailo Kozik
Greenhorn

Joined: May 12, 2011
Posts: 16

Use PreparedStatement.
It automatically prevents injections and also has higher performance.
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19653
    

Moving to JDBC.


SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6
Dave Alvarado
Ranch Hand

Joined: Jul 02, 2008
Posts: 436
Mykhailo,

PreparedStatement is not going to work ...



The expression after the "=" is more complicated. That's why I'm asking. - Dave
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Not sure I follow. Why is a PreparedStatement not going to work in this case? (Sorry if I'm just missing something obvious)


Rui Silva
Greenhorn

Joined: May 13, 2011
Posts: 6
try


or I'm not understanding the problem too...

regards
Mykhailo Kozik
Greenhorn

Joined: May 12, 2011
Posts: 16

Dave Alvarado wrote: Mykhailo,
PreparedStatement is not going to work ...


Really, I don't see the problem.
Use the complicated part as part of the PreparedStatement.
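The original poster's code did not survive on this page, so the following is an added example (not code from anyone in the thread) of what the two replies above are describing: the concatenated query that the first post calls injectable, beside the same query as a PreparedStatement whose right-hand side is "a little complicated" (a function call, a TO_DATE with a format mask, an IN list). The ORDERS table, its columns, the status values and the connection URL are all hypothetical; it is written for Java 1.6, which the first post names, so it uses explicit close() in finally rather than try-with-resources.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

/**
 * Hypothetical schema assumed for this example:
 *   ORDERS(ORDER_ID NUMBER, CUSTOMER VARCHAR2, CREATED DATE, STATUS VARCHAR2)
 */
public class OrderLookup {

    /** Concatenation, the pattern the question describes. Kept only to show the failure. */
    public static String buildUnsafeSql(String customer, String sinceDate) {
        return "SELECT order_id FROM orders"
             + " WHERE UPPER(customer) = UPPER('" + customer + "')"
             + " AND created >= TO_DATE('" + sinceDate + "', 'YYYY-MM-DD')";
    }

    /**
     * The same query with the complicated right-hand side left in the SQL text.
     * Functions, operators and the format-mask literal are part of the statement;
     * only the user-supplied values become ? placeholders. The driver sends those
     * values separately from the SQL, so they are never parsed as SQL.
     */
    private static final String SAFE_SQL =
          "SELECT order_id FROM orders"
        + " WHERE UPPER(customer) = UPPER(?)"
        + " AND created >= TO_DATE(?, 'YYYY-MM-DD')"
        + " AND status IN (?, ?)";

    public static List<Long> findOrders(Connection conn, String customer, String sinceDate,
                                        String status1, String status2) throws SQLException {
        List<Long> ids = new ArrayList<Long>();
        PreparedStatement ps = null;
        ResultSet rs = null;
        try {
            ps = conn.prepareStatement(SAFE_SQL);
            ps.setString(1, customer);    // bound inside UPPER(...)
            ps.setString(2, sinceDate);   // bound inside TO_DATE(..., 'YYYY-MM-DD')
            ps.setString(3, status1);     // one placeholder per IN-list member
            ps.setString(4, status2);
            rs = ps.executeQuery();
            while (rs.next()) {
                ids.add(rs.getLong(1));
            }
        } finally {
            if (rs != null) { try { rs.close(); } catch (SQLException ignored) { } }
            if (ps != null) { try { ps.close(); } catch (SQLException ignored) { } }
        }
        return ids;
    }

    /**
     * What a placeholder cannot carry: identifiers. A table name, a column name or an
     * ORDER BY column is not a value, so it has to be picked from a fixed whitelist
     * in Java code rather than taken from the request.
     */
    private static final String[] SORTABLE = { "order_id", "created", "customer" };

    public static String orderByClause(String requested) {
        for (String col : SORTABLE) {
            if (col.equalsIgnoreCase(requested)) {
                return " ORDER BY " + col;
            }
        }
        throw new IllegalArgumentException("not a sortable column: " + requested);
    }

    public static void main(String[] args) throws SQLException {
        // Constructed malicious input: closes the quoted literal and the UPPER(...) call,
        // then comments out the remainder of the statement.
        String evil = "x') OR 1=1 --";
        System.out.println(buildUnsafeSql(evil, "2011-01-01"));

        // Hypothetical connection details. A JDBC 4 driver registers itself; an older
        // driver needs Class.forName(<driver class>) before getConnection.
        Connection conn = DriverManager.getConnection(
                "jdbc:oracle:thin:@//dbhost:1521/ORCL", "app", "secret");
        try {
            // With SAFE_SQL the same string is just a customer name that matches nothing.
            List<Long> ids = findOrders(conn, evil, "2011-01-01", "NEW", "PAID");
            System.out.println("matches: " + ids.size());
        } finally {
            conn.close();
        }
    }
}
```

Run against the unsafe builder, the constructed input turns the WHERE clause into `UPPER(customer) = UPPER('x') OR 1=1` with everything after the `--` commented out, so every order comes back. Run through findOrders, the same string is compared as a whole against the customer column and matches nothing. Note that the placeholders sit inside UPPER(), inside TO_DATE() and inside the IN list; the "complicated" expression is part of the fixed SQL text, and nothing in it changes with the input.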
 