using a java variable to store database table name

 
Giuseppa Cefalu
Ranch Hand
Hi,

Is there a way to store the table name in a Java variable (String tableName = "orders") and that way use the variable in the SQL statement instead of using the specific table name? For example:


The code below does not work;





Thank you,

 
Martin Vajsar
Sheriff
Yes, you could do:
(note the double quotes)

However, be sure to do proper validation of the table name to prevent SQL injection. As a table name cannot be bound into the query, you must validate it. The best validation would be to verify that a table with that name actually exists in the database. If the verification means running another query, make sure to bind the value in this case.
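
One way to implement the existence check described above, as an added example that is not part of the original post. The class and method names are hypothetical, and the JDBC URL passed as the first argument is assumed to point at a database that contains an orders table.

```java
import java.sql.*;

public class TableNameCheck {
    // Returns the name exactly as the database catalog reports it, or throws if absent.
    static String resolveTable(Connection conn, String requested) throws SQLException {
        DatabaseMetaData meta = conn.getMetaData();
        // "%" lists every table in the current schema; the requested name is only
        // compared in Java and never becomes part of any SQL text.
        try (ResultSet rs = meta.getTables(conn.getCatalog(), conn.getSchema(), "%",
                new String[] {"TABLE"})) {
            while (rs.next()) {
                String actual = rs.getString("TABLE_NAME");
                if (actual.equalsIgnoreCase(requested)) {
                    return actual;
                }
            }
        }
        throw new SQLException("No such table: " + requested);
    }

    // Quotes the catalog's name with the driver's identifier quote string.
    static String quote(Connection conn, String identifier) throws SQLException {
        String q = conn.getMetaData().getIdentifierQuoteString();
        if (q == null || q.trim().isEmpty()) {
            return identifier; // driver reports that identifier quoting is unsupported
        }
        return q + identifier.replace(q, q + q) + q;
    }

    static int countRows(Connection conn, String requested) throws SQLException {
        String sql = "SELECT COUNT(*) FROM " + quote(conn, resolveTable(conn, requested));
        try (Statement st = conn.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: args[0] is a JDBC URL for a database that has an "orders" table.
        try (Connection conn = DriverManager.getConnection(args[0])) {
            System.out.println("orders rows: " + countRows(conn, "orders"));
            try {
                countRows(conn, "orders; DROP TABLE orders"); // constructed hostile input
            } catch (SQLException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The string that ends up in the SQL text is the name read back from the catalog, not the caller's input, so the caller can only ever select among tables that already exist.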
 
Giuseppa Cefalu
Ranch Hand
Thank you. The statement works. Could you please indicate a reading about validation and injection?

Thanks again
 
Martin Vajsar
Sheriff
Giuseppa Cefalu wrote: Thank you. The statement works. Could you please indicate a reading about validation and injection?

Search on the internet for "sql injection". There are many discussions also here on Javaranch and generally on the internet. Try to read a few articles and come back with specific questions if it is still unclear.
 