This question already has an answer here:
这个问题在这里已有答案:
- Using Prepared Statements to set Table Name 6 answers
- 使用Prepared Statements设置表名6答案
I am using a java PreparedStatment object to construct a series of batched INSERT queries. The query statement is of the format...
我正在使用java PreparedStatment对象来构造一系列批量INSERT查询。查询语句的格式为......
String strQuery = "INSERT INTO ? (col1, col2, col3, col4, col5) VALUES (?,?,?,?,?,?);";
...so both field values and the tablename are variables (ie. I have multiple tables with the same column format of which each insert will be directed to a different one). I can get the executes to work if I remove the "?" tablename variable and hard code but each prepared statement will be inserted into a different table so needs to remain a variable I populate immediately prior to executing the batch query using...
...所以字段值和表名都是变量(即,我有多个表格具有相同的列格式,每个表格将定向到另一个表格)。如果我删除“?”,我可以让执行工作tablename变量和硬代码,但每个预处理语句将被插入到不同的表中,因此需要保留一个变量,我在执行批处理查询之前立即填充...
stmt.setString(1, "tableName1");
How can I let this be a dynamic variable please?
我怎么能让这个变成动态变量呢?
5 个解决方案
#1
40
You can't. You need to contruct the sql with string concatenation/placeholder with String.format. prepared statement is for the column values not for table name.
你不能。您需要使用字符串连接/占位符和String.format构造sql。预准备语句用于列值而不是表名。
#2
12
You can use placeholder in place of table name and then replacing that with your tablename.
您可以使用占位符代替表名,然后将其替换为您的表名。
String strQuery = "INSERT INTO $tableName (col1, col2, col3, col4, col5)
VALUES (?,?,?,?,?,?);";
and replace when u come to know the tablename
当你知道tablename时替换
String query =strQuery.replace("$tableName",tableName);
stmt =conn.prepareStatement(query);
#3
-1
One alternative could be String.format:
一种替代方案可以是String.format:
e.g.
例如
String sql = String.format("INSERT INTO $1%s (col1, col2, col3, (etc)", myTablename);
#4
-2
The table name can't be used as a parameter. It must be hard coded. Try something like:
表名不能用作参数。它必须是硬编码的。尝试以下方法:
String tableName = "tableName1";
String strQuery = "INSERT INTO " + tableName + " (col1, col2, col3, col4, col5) VALUES (?,?,?,?,?,?);";
#5
-3
You would need to add it to the original string:
您需要将其添加到原始字符串:
String tableName = "some_table_name";
// some other code
String strQuery = "INSERT INTO " + tableName + " (col1, col2, col3, col4, col5) VALUES (?,?,?,?,?,?);";
Do you need the semi-colon in the strQuery? (you may do, it just looks a bit weird to me :-))
你需要在strQuery中使用分号吗? (你可能会这样,对我来说看起来有点奇怪:-))
#1
40
You can't. You need to contruct the sql with string concatenation/placeholder with String.format. prepared statement is for the column values not for table name.
你不能。您需要使用字符串连接/占位符和String.format构造sql。预准备语句用于列值而不是表名。
#2
12
You can use placeholder in place of table name and then replacing that with your tablename.
您可以使用占位符代替表名,然后将其替换为您的表名。
String strQuery = "INSERT INTO $tableName (col1, col2, col3, col4, col5)
VALUES (?,?,?,?,?,?);";
and replace when u come to know the tablename
当你知道tablename时替换
String query =strQuery.replace("$tableName",tableName);
stmt =conn.prepareStatement(query);
#3
-1
One alternative could be String.format:
一种替代方案可以是String.format:
e.g.
例如
String sql = String.format("INSERT INTO $1%s (col1, col2, col3, (etc)", myTablename);
#4
-2
The table name can't be used as a parameter. It must be hard coded. Try something like:
表名不能用作参数。它必须是硬编码的。尝试以下方法:
String tableName = "tableName1";
String strQuery = "INSERT INTO " + tableName + " (col1, col2, col3, col4, col5) VALUES (?,?,?,?,?,?);";
#5
-3
You would need to add it to the original string:
您需要将其添加到原始字符串:
String tableName = "some_table_name";
// some other code
String strQuery = "INSERT INTO " + tableName + " (col1, col2, col3, col4, col5) VALUES (?,?,?,?,?,?);";
Do you need the semi-colon in the strQuery? (you may do, it just looks a bit weird to me :-))
你需要在strQuery中使用分号吗? (你可能会这样,对我来说看起来有点奇怪:-))