
Problem with PreparedStatement and update query (PostgreSQL)

 
Vic Hood
Ranch Hand
Posts: 477
Eclipse IDE Java Tomcat Server
Hi Folks,
I'm not sure whether this is the right place to post. I'm facing a problem while using a prepared statement along with the update query (I use PostgreSQL). I've placed my code below,

However, upon running, in the console I'm able to print the values of the properties in the bean.
But when I print the query that is generated using PreparedStatement,
I get
UPDATE DOMAIN SET OBJECTID=?,ISACTIVE=?,CODE=?,DESCRIPTION=?,ISEDITABLE=?,DOMAINTYPE_OID=? WHERE OBJECTID=?

Why is this?
Any help would be great.
 
Paul Sturrock
Bartender
Posts: 10336
Eclipse IDE Hibernate Java
That is the query you are using, so is this a surprise?
 
Vic Hood
Ranch Hand
Posts: 477
Eclipse IDE Java Tomcat Server
Um, okay, I guess I must have missed something. However, I was expecting to see the substituted values in place of the '?' marks. Aren't they set by
stmt.setInt(1,bean.getObjid());

I guess I must be missing something really simple here.. :/
 
Paul Sturrock
Bartender
Posts: 10336
Eclipse IDE Hibernate Java
PreparedStatements don't work (or at least tend not to - there are exceptions) by converting bound values directly to strings and passing a query to the database. How drivers do this will be different, but typically the SQL statement (with the placeholders for the parameters) plus the parameter values themselves are sent, and it's up to the database to do the binding.
 
Vic Hood
Ranch Hand
Posts: 477
Eclipse IDE Java Tomcat Server
Hi Paul,
Thanks for replying. I guess the PreparedStatement doesn't behave the way I was expecting it to with the update statement. But I resolved the issue by passing each of the fields separately rather than using a '?', and it worked.
 
Paul Sturrock
Bartender
Posts: 10336
Eclipse IDE Hibernate Java
By doing this you open your application to SQL injection attacks.

If you need to show the values of the parameters you can use something like p6spy or the database's own profiling tool (if it has one).
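
An added example, not part of the thread and not either poster's code: one way to see the bound values while debugging without giving up the '?' placeholders. The statement text and the values are logged side by side and are never merged into a single SQL string. The class name DomainUpdate, the helper describe, and the column types implied by the sample values are assumptions; only the UPDATE text comes from the thread.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.logging.Logger;

public class DomainUpdate {
    private static final Logger LOG = Logger.getLogger(DomainUpdate.class.getName());

    // The statement text printed in the thread; the '?' markers stay in the SQL.
    static final String SQL =
        "UPDATE DOMAIN SET OBJECTID=?,ISACTIVE=?,CODE=?,DESCRIPTION=?,"
      + "ISEDITABLE=?,DOMAINTYPE_OID=? WHERE OBJECTID=?";

    // Debug line only: SQL text and values are kept apart, so a quote
    // character inside a value can never change the statement itself.
    static String describe(String sql, Object... params) {
        return sql + " -- params=" + Arrays.toString(params);
    }

    // Binds every value through the driver and logs what was bound.
    static int update(Connection conn, Object... params) throws SQLException {
        try (PreparedStatement stmt = conn.prepareStatement(SQL)) {
            for (int i = 0; i < params.length; i++) {
                stmt.setObject(i + 1, params[i]); // JDBC parameter indexes start at 1
            }
            LOG.fine(() -> describe(SQL, params));
            return stmt.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; the column types are assumed.
        // The CODE value contains a single quote, which would break (or
        // rewrite) a query built by string concatenation but is plain
        // data when bound as a parameter.
        Object[] params = {42, true, "O'Brien", "sample row", false, 7, 42};
        System.out.println(describe(SQL, params));
    }
}
```

Running main needs no database; update expects a Connection obtained from the application's existing JDBC setup.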
 
Vic Hood
Ranch Hand
Posts: 477
Eclipse IDE Java Tomcat Server
Haven't heard of p6spy. And is pgAdmin III the profiling tool in case of PostgreSQL?
 
Paul Sturrock
Bartender
Posts: 10336
Eclipse IDE Hibernate Java
Not sure - I've not really used PostgreSQL much. Most databases have some way of tracing the SQL being run on them, so I assume PostgreSQL will have some sort of tool for this too.
 