Problem with String functions

I wrote following code:
public class abc { public static void main(String[] args) { String str = "select * from SbiDomains where valueCd = ? and domainCd = ? and name=?"; String toReplace="\\?"; String[] values=new String[3]; values[0]=Integer.toString(1234); values[1]=Integer.toString(1568); values[2]="Report"; String result = str.replaceFirst(toReplace, values[0]); System.out.println(result); String ss,strreplace; int index=0,i=1; while((index=str.indexOf("and",index+1))>-1) { ss=str.substring(index); strreplace=ss.replaceFirst("\\?",values[i]); i++; result=result.replaceAll(ss,strreplace); } System.out.println(result); } }

I get result:
select * from SbiDomains where valueCd = 1234 and domainCd = ? and name=Report?

desired result is:
select * from SbiDomains where valueCd = 1234 and domainCd =1568 and name=Report

What am I doing wrong?

result=result.replaceAll(ss,strreplace);
replaceAll() takes a regex input and I think it fails since '?' has a special meaning in regex. Modify it to replace() or instead of '?' use symbols like '#' to make it work with replaceAll().

use this code.

public class Test{ public static void main(String[] args) { String str = "select * from SbiDomains where valueCd = ? and domainCd = ? and name=?"; String[] values=new String[3]; values[0]=Integer.toString(1234); values[1]=Integer.toString(1568); values[2]="Report"; int index=0,i=0; while((index=str.indexOf("?",index+1))>-1) { str=str.replaceFirst("\\?",values[i]); i++; } System.out.println(str); } }

Eshwin,

Please UseCodeTags. You can edit your post and add code tags.

ok.

It looks like you are building an SQL statement.

You shouldn't use string concatenation etc. to build an SQL statement at all. This makes your program vulnerable to security problems such as SQL injection. Instead, you should use a PreparedStatement. It will handle filling in the parameters for the statement for you, and escape values properly to prevent SQL injection.

For example:
// Connection to the database Connection connection = DriverManager.getConnection("jdbc-url", "username", "password"); // Create a PreparedStatement PreparedStatement ps = connection.prepareStatement("select * from SbiDomains where valueCd = ? and domainCd = ? and name=?"); // Set the parameters ps.setInt(1, 1234); ps.setInt(2, 1568); ps.setString(3, "Report"); // Execute the statement ResultSet rs = ps.executeQuery(); // Do something with the results while (rs.next()) { // ... }

Thanks all.
The problem is solved