Variable column names using prepared statements


I was wondering if there was any way to specify returned column names using prepared statements.

I am using MySQL and Java.

When I try it:

St         


        
7 Answers
  •  一整个雨季
    2020-11-22 08:48

    This indicates a bad DB design. The user shouldn't need to know about the column names. Create a real DB column which holds those "column names" and store the data along it instead.

    Anyway, no, you cannot set column names as PreparedStatement values. You can only set column values as PreparedStatement values.

    If you'd like to continue in this direction, you need to sanitize the column names (to avoid SQL Injection) and concatenate/build the SQL string yourself. Quote the separate column names and use String#replace() to escape the same quote inside the column name.
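
An added example, not part of the answer above: one way to do the sanitizing and quoting it describes for MySQL, with the column list concatenated and the row value still bound as a `?` parameter. The class name, the `users` table, the `id` filter and the allowlist contents are assumptions made for illustration; checking names against an allowlist is one choice of sanitization, not something the answer prescribes.

```java
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

public class ColumnSelect {
    // Hypothetical allowlist: the only columns a caller may request.
    private static final Set<String> ALLOWED = Set.of("id", "name", "created at");

    // Quote a MySQL identifier: wrap it in backticks and double any backtick
    // inside it, using String#replace() as the answer suggests.
    static String quoteIdentifier(String name) {
        if (name == null || name.isEmpty() || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid column name");
        }
        return "`" + name.replace("`", "``") + "`";
    }

    // Build the SELECT text. Only validated, quoted column names are
    // concatenated; the row value remains a bound parameter.
    static String buildSelect(List<String> columns) {
        if (columns.isEmpty()) {
            throw new IllegalArgumentException("no columns requested");
        }
        String cols = columns.stream().map(c -> {
            if (!ALLOWED.contains(c)) {
                throw new IllegalArgumentException("column not allowed: " + c);
            }
            return quoteIdentifier(c);
        }).collect(Collectors.joining(", "));
        return "SELECT " + cols + " FROM `users` WHERE `id` = ?";
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        System.out.println(buildSelect(List.of("id", "created at")));
        System.out.println(quoteIdentifier("na`me")); // embedded quote is doubled
        try {
            buildSelect(List.of("password_hash")); // not on the allowlist
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // With a live connection (not shown), the value is bound as usual:
        //   PreparedStatement ps = conn.prepareStatement(sql);
        //   ps.setLong(1, userId);
    }
}
```

The quoting alone keeps a name from breaking out of the identifier; the allowlist additionally limits which columns a caller can read at all.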
