java - Escaping single quotes in table SQL queries

Question

Welcome To Ask or Share your Answers For Others

java - Escaping single quotes in table SQL queries

asked Jan 31, 2022 in Technique[技术] by 深蓝 (71.8m points)

java - Escaping single quotes in table SQL queries

Using java.sql.Preparedstatement implies the escaping of characters will be done while parsing the queries, this does happen also when I have single quotes in my data but when I have single quotes in my table name itself the query does not work (I am using Oracle 11g).

Here's my code:

Class.forName("oracle.jdbc.OracleDriver");
con = DriverManager.getConnection(
    "jdbc:oracle:thin:client/adept@ind-db-02:1521:ind02");

PreparedStatement preparedStatement = con.prepareStatement(
    "SELECT * FROM (?) where rownum=1");

preparedStatement.setString(1,"CLIENT."SR'tab"");
ResultSet rs3=preparedStatement.executeQuery();

Is there any way of escaping single quotes from the table name using a prepared statement?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Answer

深蓝 · Answer 1 · 2022-01-31T07:05:29+0000

PreparedStatement placeholders are not intended for table names nor column names, they are only intended for actual column values. In other words, you are actually misusing PreparedStatement.

Categories

java - Escaping single quotes in table SQL queries

java - Escaping single quotes in table SQL queries

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

See also

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags