England Forum - UK Forum
  
   

Go Back   England Forum - UK Forum > Computers and Technology > Developers Forum > Java Forum
http://englanddebate.com/Reload this Page Java JDBC Statement question?

 

 


Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 11-08-2008
Peon
  
Join Date: May 2008
Posts: 35
Default Java JDBC Statement question?
Making a little progress here, but i have a problem. I am using a Statement for this query, not a PreparedStatement. In my query i have the line
"WHERE Event_Name=`100M Run'";
where 100M Run is a String. but what do i do if my String is inside of an object called eveyType. How do i set it as an object? I have been trying stuff like
"WHERE Event_Name='"eveType2"'";
with the extra quotations, but its not working. How do i set an object without using a preparedstatement?
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Sponsored Links

  #2 (permalink)  
Old 11-08-2008
Peon
  
Join Date: Nov 2008
Posts: 1
Default
You can't do it that way. Ideally, use a PreparedStatement set the where clause as: "WHERE Event_Name= ? ", then use ps.setString(1,eveyType.xxx);

Another, BAD method is to append them together like so:
"WHERE Event_Name = '" + eveyType.xxx + "'";
However this is very dangerous since it allows script injection. Basically whoever provides the value for the string (ie the user) could use it to force an SQL command to be executed in your database - and that includes dropping the table etc.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 11-08-2008
Peon
  
Join Date: Nov 2008
Posts: 4
Default
Use single quotes

"WHERE Event_Name='" + eveType2 + "'"
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT. The time now is 05:07 AM.

Contact Us - England Forum - Archive - Top

Powered by vBulletin® Version 3.6.10
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.2.0 RC7
Sh3lls.net - Premium Cpanel Web Hosting, DDOS Protected VPS Hosting, Shoutcast hosting and UNIX IRC Shell Hosting
Sedo - Buy and Sell Domain Names and Websites project info: englanddebate.co.uk Statistics for project englanddebate.co.uk etracker® web controlling instead of log file analysis

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213