Variable column names using prepared statements

Question

I was wondering if there was anyway to specify returned column names using prepared statements.

I am using MySQL and Java.

When I try it:

St         


        

Answer 1

Use sql injection disadvantage of Statement Interface as advantage. Ex:

st=conn.createStatement();
String columnName="name";
rs=st.executeQuery("select "+ columnName+" from ad_org ");