using prepared statement

Consider the following query, which is executed using Statement stmt:

// Query text assembled by string concatenation (the version to be replaced).
String sqlcom = "select count(*) from bloodbanks where ucase(city) = '" + city.toUpperCase() + "'";

if (!pin.equals(""))
    sqlcom = sqlcom + " and pin = '" + pin + "'";

if (!area.equals(""))
    sqlcom = sqlcom + " and ( ucase(area) like '" + area.toUpperCase() + "%')";   // missing '+' restored

Statement stmt = con.createStatement();
ResultSet rs = stmt.executeQuery(sqlcom);

Now, how do I execute the above using a PreparedStatement?
qader99 Asked:
 
mohans Commented:
String sqlcom = "select count(*) from bloodbanks where ucase(city) = ?";
List<Object> params = new ArrayList<>();   // values to bind, in placeholder order
params.add(city.toUpperCase());

if (!pin.equals("")) {
  sqlcom = sqlcom + " and pin = ?";
  params.add(pin);
}

if (!area.equals("")) {
  sqlcom = sqlcom + " and ( ucase(area) like ? )";
  // the trailing wildcard belongs to the bound value, not to the SQL text
  params.add(area.toUpperCase() + "%");
}

PreparedStatement ps = con.prepareStatement(sqlcom);
for (int i = 0; i < params.size(); i++) {
  ps.setObject(i + 1, params.get(i));
}

ResultSet rs = ps.executeQuery();
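The two approaches side by side, as an added example that is not part of the question or of mohans's answer. It keeps the same `bloodbanks` table and column names and the same three inputs, assumes a JDBC `Connection con` opened elsewhere and a database that accepts the standard `ESCAPE` clause on `LIKE`; the class name `BloodBankQuery`, the `Query` holder and the `escapeLike` helper are this example's own, and the attacker input in `main` is constructed for the demonstration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class BloodBankQuery {

    /** Query text plus the values to bind to its '?' placeholders, in order. */
    public static final class Query {
        public final String sql;
        public final List<Object> params;

        Query(String sql, List<Object> params) {
            this.sql = sql;
            this.params = params;
        }

        @Override
        public String toString() {
            return sql + "   params=" + params;
        }
    }

    /** The concatenating version from the question, kept only to show what hostile input does to it. */
    public static String buildUnsafe(String city, String pin, String area) {
        String sqlcom = "select count(*) from bloodbanks where ucase(city) = '" + city.toUpperCase() + "'";
        if (!pin.isEmpty())
            sqlcom = sqlcom + " and pin = '" + pin + "'";
        if (!area.isEmpty())
            sqlcom = sqlcom + " and ( ucase(area) like '" + area.toUpperCase() + "%')";
        return sqlcom;
    }

    /**
     * Escape LIKE metacharacters so user input matches literally. Binding a value stops
     * injection but does not stop '%' or '_' inside the value from acting as wildcards;
     * the query pairs this with ESCAPE '!' (helper and escape character are this example's choice).
     */
    static String escapeLike(String s) {
        return s.replace("!", "!!").replace("%", "!%").replace("_", "!_");
    }

    /** Same search, but every user value is a bound parameter; the SQL text never contains user data. */
    public static Query buildSafe(String city, String pin, String area) {
        StringBuilder sql = new StringBuilder("select count(*) from bloodbanks where ucase(city) = ?");
        List<Object> params = new ArrayList<>();
        params.add(city.toUpperCase());
        if (!pin.isEmpty()) {
            sql.append(" and pin = ?");
            params.add(pin);
        }
        if (!area.isEmpty()) {
            // The trailing wildcard is part of the search, so it is appended to the bound value.
            sql.append(" and ( ucase(area) like ? escape '!' )");
            params.add(escapeLike(area.toUpperCase()) + "%");
        }
        return new Query(sql.toString(), params);
    }

    /** Binds the parameters in placeholder order and returns the count (0 if the driver returns no row). */
    public static long countBloodBanks(Connection con, String city, String pin, String area) throws SQLException {
        Query q = buildSafe(city, pin, area);
        try (PreparedStatement ps = con.prepareStatement(q.sql)) {
            for (int i = 0; i < q.params.size(); i++) {
                ps.setObject(i + 1, q.params.get(i));
            }
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getLong(1) : 0L;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed attacker input: closes the quoted city value and appends an always-true condition.
        String hostileCity = "' or '1'='1";
        System.out.println("unsafe: " + buildUnsafe(hostileCity, "", ""));
        System.out.println("safe:   " + buildSafe(hostileCity, "", "100%"));
    }
}
```

Running `main` prints the concatenated query with the hostile value spliced straight into the WHERE clause, and the parameterized query with a `?` where the value goes and the value listed separately; the driver sends that value as data, so it can only ever be compared against `ucase(city)`. The second print also shows the area value with its `%` escaped and the search's own `%` appended after it, which is the one detail a straight translation of the original query tends to lose.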