0

I was trying to parameterize value in Preparedstatement as below like

PreparedStatement ps = Connection.prepareStatement("select col_a,? from TABLE_A");
ps.setString(1,"myValue");
ps.execute();

I want the following return 

COL_A    myValue
-----------------
val1     myValue
val2     myValue

which is comparable to a plain sql as below.

select col_a,'myValue' 
from TABLE_A
Improve this question
3
  • possible duplicate of Variable column names using prepared statements Commented Apr 16, 2012 at 19:02
  • What are you actually getting? Just errors? Commented Apr 16, 2012 at 19:20
  • Hi folks thank you for your response... I was initially getting errors but somehow in DB2, it does work. I have no idea why and how but it does... Commented Apr 18, 2012 at 15:08

1 Answer 1

Reset to default
2

You can't parametrize column names.

For dynamic column names you will need to use dynamic SQL, which can open you up to SQL injection.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.