I am writing an insert query for PostgreSQL but it is not accepting that... It will be very helpful for me if you suggest the right way...
where stmt is an object of Statement, and my table named mytable has the following fields
When I am running this code there is an exception that "patient_id does not exist"
Jeanne Boyarsky wrote:
This code doesn't pass Java variables to your code. You have two choices:
Option 1 - build the query inserting the variables directly
String qry="insert into mytable(patient_id,patient_name,patient_type)"+"values("+patient_id+",'"+patient_name +"','" +patient_type + "');";
Option 2 - use a PreparedStatement instead of a Statement:
String qry="insert into mytable(patient_id,patient_name,patient_type)"+"values(?,?,?);";
In real application code, you'll want to use option 2 so you don't have to worry about SQL injection where people can mess up your database or hack your application.
Thank you Jeanne for the nice suggestion... Actually I want to do this without using the placeholders (prepared statement) approach... I was confused about appending the variables... Thank you again for the nice explanation.
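Option 2 from the reply above written out in full, next to the text that option 1 produces for a name containing an apostrophe. This is an added example, not code from the thread; the column types, the sample values and the JDBC_URL environment variable are assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class InsertPatient {

    // Option 1 from the thread: values are spliced into the SQL text.
    static String buildConcatenated(int patientId, String patientName, String patientType) {
        return "insert into mytable(patient_id,patient_name,patient_type) "
             + "values(" + patientId + ",'" + patientName + "','" + patientType + "')";
    }

    // Option 2: the SQL text is fixed; the driver sends the values as bound parameters.
    static int insertPatient(Connection con, int patientId, String patientName,
                             String patientType) throws SQLException {
        String qry = "insert into mytable(patient_id,patient_name,patient_type) values(?,?,?)";
        try (PreparedStatement ps = con.prepareStatement(qry)) {
            ps.setInt(1, patientId);       // assumed integer column
            ps.setString(2, patientName);  // assumed text column
            ps.setString(3, patientType);  // assumed text column
            return ps.executeUpdate();     // number of rows inserted
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample values.
        int id = 101;
        String name = "O'Brien";
        String type = "outpatient";

        // The apostrophe ends the string literal early, so this text is no longer
        // the statement the programmer intended.
        System.out.println(buildConcatenated(id, name, type));

        // JDBC_URL (for example jdbc:postgresql://localhost/testdb) is a hypothetical setting;
        // the insert only runs when it is provided.
        String url = System.getenv("JDBC_URL");
        if (url != null) {
            try (Connection con = DriverManager.getConnection(url)) {
                System.out.println(insertPatient(con, id, name, type) + " row inserted");
            }
        }
    }
}
```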