[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 259
  • Last Modified:

using prepared statement

conside the following  query which is executed using Stament stmt..
sqlcom = "select count(*) from bloodbanks where ucase(city) = \'" + city.toUpperCase() + "\'";

if (!pin.equals(""))
      sqlcom = sqlcom + " and pin = \'" + pin + "\'";

if (!area.equals(""))
      sqlcom = sqlcom + " and ( ucase(area) like  \'" + area.toUpperCase()  "%\')";  
   
Statement stmt=con.createStatement();
ResultSet rs=stmt.executeQuery(sqlcom);

now how to execute the above using prepared statement.
0
qader99
Asked:
qader99
1 Solution
 
mohansCommented:
String sqlcom = "select count(*) from bloodbanks where ucase(city) =?";
Vector params = new Vector();
params.addElement(city.toUpperCase());

if (!pin.equals("")) {
  sqlcom = sqlcom + " and pin = ?";
  params.addElement(pin);
}

if (!area.equals("")) {
  sqlcom = sqlcom + " and ( ucase(area) like ?";
   params.addElement( area.toUpperCase() );
}

PreparedStatement ps = con.prepareStatement(sqlcom);
for (int i=0; i<params.size(); i++){
  ps.setObject(i+1, params.elementAt(i));
}

ResultSet rs = ps.executeQuery();
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now