wood burning stoves 2.0*
The moose likes JDBC and the fly likes Problem with PreparedStatment and updatequery postgresql Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Databases » JDBC
Bookmark "Problem with PreparedStatment and updatequery postgresql" Watch "Problem with PreparedStatment and updatequery postgresql" New topic
Author

Problem with PreparedStatment and updatequery postgresql

Vic Hood
Ranch Hand

Joined: Jan 05, 2011
Posts: 477

Hi Folks,
Im not sure whether this is the right place to post .Im facing a problem while using prepared statement along with the update query (I use Postgresql.).I've placed my code below,

However ,upon running . In the console im able to print the values of properties in the bean .
But when I print the query that is generated using PrepareStatement.
I get
UPDATE DOMAIN SET OBJECTID=?,ISACTIVE=?,CODE=?,DESCRIPTION=?,ISEDITABLE=?,DOMAINTYPE_OID=? WHERE OBJECTID=?

why is this???
Any help would be great .

Learning and Learning!-- Java all the way!
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

That is the query you are are using, so is this a surprise?


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Vic Hood
Ranch Hand

Joined: Jan 05, 2011
Posts: 477

Um okay , I guess I must have missed something .However I was expecting to see the substituted values in place of the '?' marks . Arent they set by
stmt.setInt(1,bean.getObjid());

I guess i must be missiing something really simple here.. :/
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

PreparedStatements don't work (or at least tend not to - there are exceptions) by converting bound values directly to strings and passing a query to the data base. How drivers do this will be different but typically the SQL statement (with the place holders for the parameters) plus the parameters values themselves are sent and its up to the database to do the binding.
Vic Hood
Ranch Hand

Joined: Jan 05, 2011
Posts: 477

Hi Paul ,
Thanks for replying . I guess the preparedstatement doesn't behave the way i was expecting it to with the update statement .But I resolved the issue by passing each of the fields passing them separately rather than using a '?'. and it worked.
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

By doing this you open your application to SQL injection attacks.

If you need to show the values of the parameters you can use something like p6spy or the database's own profiling tool (if it has one).
Vic Hood
Ranch Hand

Joined: Jan 05, 2011
Posts: 477

Havent heard of p6spy. And is pgAdmin III the profiling tool in case of PostGreSQL?
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Not sure - I've not really used PostGreSQL much. Most databases have some way of tracing the SQL being run on them, so I assume PostGreSQL will have some sort of tool for this too.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Problem with PreparedStatment and updatequery postgresql