Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

What is wrong with this code

 
Hemant Agarwal
Ranch Hand
Posts: 138
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What is wrong with this code

String str = "blood_group_name";
ptmt = con.prepareStatement("select ? from blood_group");
ptmt.setString(1, str);

rs = ptmt.executeQuery();

Now my table has two records and my recordset contains two values "blood_group_name", "blood_group_name"

Why?
 
Manuel Moons
Ranch Hand
Posts: 229
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
replace your sql with: "select blood_group_name from blood_group where blood_group_name=?";

Or are you trying to select your column dynamically? I think you will have to generate the sql then:

"select " + str + " from blood_group";
 
Hemant Agarwal
Ranch Hand
Posts: 138
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator


But what is wrong in that code?
 
Jeff Albertson
Ranch Hand
Posts: 1780
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can't parameterize a prepared statement by column name.
 
Hemant Agarwal
Ranch Hand
Posts: 138
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What do you mean by this statement

Please elaborate
 
Scott Selikoff
author
Saloon Keeper
Posts: 4033
18
Eclipse IDE Flex Google Web Toolkit
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Actually I'd suspect the PreparedStatement class might throw an exception on this (although I haven't verified). The parameterizations for PreparedStatement aren't just blanket find&replace, but are actually pretty strongly tied to actual SQL logic.

For example, the following I'm sure wouldn't work:



PreparedStatements are not to be confused with simple cut and pastes of Strings, when you make a PreparedStatement the logic for the query gets parsed to some degree. For example, if you use setString() it places quotes automatically around the object whereas if you use setInt() no quotes are placed.
[ November 22, 2005: Message edited by: Scott Selikoff ]
 
Hemant Agarwal
Ranch Hand
Posts: 138
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
 
Jeff Albertson
Ranch Hand
Posts: 1780
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Hemant Agarwal:


Please elaborate.
 
Joel McNary
Bartender
Posts: 1840
Eclipse IDE Java Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That is not likely to throw an exception, since the SQL that it would evaluate to is:



Note the single quotes -- you are selecting a constant value. You will select that value once for each record in the table that you are selecting from. Since your table has two records, you are getting the constant result twice.

To avaid this, use Manual's suggestion(s).
 
Jim Yingst
Wanderer
Sheriff
Posts: 18671
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Whether or not an exception is thrown in this case probably depends on the driver and/or database. Apparently on Hemant's system there's no exception thrown, but the results are nonsense. I suspect that what's happening is that the select statement is getting treated as equivalent to

    select 'blood_group_name' from blood_group

When using a PreparedStatement and setString(), the value is always treated as a string literal, not a column name.

The table blood_group probably has two entries, so two rows are returned - but the content of each row is just the literal 'blood_group_name' since that's what was asked for.
 
Joel McNary
Bartender
Posts: 1840
Eclipse IDE Java Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hehe.. I Yingst-ed Jim.....

Anyway, I'm moving this to JDBC forum
 
Jim Yingst
Wanderer
Sheriff
Posts: 18671
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
[Joel]: Hehe.. I Yingst-ed Jim.....

You b@$+@rd!
 
Steve Morrow
Ranch Hand
Posts: 657
Clojure Spring VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Xenophobia is the fear of strangers.
Zenophobia is the fear of getting half way there.


Noxzemaphobia is the fear of blemish-free skin.
 
Hemant Agarwal
Ranch Hand
Posts: 138
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Noxzemaphobia is the fear of blemish-free skin.


Any other views
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 35279
384
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Before this conversation moves too far away from JDBC: all replies about Noxzemaphobia or the like should go in our Miscellaneous Drivel forum near the bottom of the forum list.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic