Reference variables in SQL SELECT Statement

The JSP newbie here again....

I'm passing form values to a page, and want to reference one of the variables in my SELECT statement - that is - instead of using
ResultSet rs = stmt.executeQuery("SELECT * FROM TABLE_T WHERE  ACCT_NO = 123 ");

I want to use a variable for the account number instead of the actual number.  I can reference that number by using <%= request.getParameter("custn") %>, but that syntax won't work if I use it in the SELECT statement like so:

ResultSet rs = stmt.executeQuery("SELECT * FROM TABLE_T WHERE  ACCT_NO = request.getParameter("custn") ");

I know I'm doing something wrong, but what?

Thx again for the help - I don't know what I would do without this site!


Here are 2 ways to do this:

ResultSet rs = stmt.executeQuery("SELECT * FROM TABLE_T WHERE  ACCT_NO = " + request.getParameter("custn"));

or the better way is to use a PreparedStatement instead, like this:

PreparedStatement ps = con.prepareStatement("SELECT * FROM TABLE_T WHERE  ACCT_NO = ?");
ps.setString(1, request.getParameter("custn"));
ResultSet rs = ps.executeQuery();

Hope that helps,
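
An added example, not part of the original answer: the PreparedStatement approach above with the request parameter validated before use and the JDBC resources closed. String concatenation puts whatever the request carries into the SQL text, while a bound parameter is only ever treated as a value. The class and method names are hypothetical, and the code assumes ACCT_NO is a numeric column.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.OptionalLong;

public class AccountLookup {
    // Table and column names are the ones used in the thread.
    private static final String SQL = "SELECT * FROM TABLE_T WHERE ACCT_NO = ?";

    /** Accepts only 1-18 ASCII digits; a missing or malformed parameter yields empty. */
    static OptionalLong parseAccountNumber(String raw) {
        if (raw == null) return OptionalLong.empty();   // parameter absent from the request
        String s = raw.trim();
        if (!s.matches("[0-9]{1,18}")) return OptionalLong.empty(); // 18 digits always fit in a long
        return OptionalLong.of(Long.parseLong(s));
    }

    /** Runs the lookup with a bound parameter and reports whether a row matched. */
    static boolean accountExists(Connection con, String rawCustn) throws SQLException {
        OptionalLong acct = parseAccountNumber(rawCustn);
        if (!acct.isPresent()) return false;            // reject before touching the database
        try (PreparedStatement ps = con.prepareStatement(SQL)) {
            ps.setLong(1, acct.getAsLong());            // sent as a value, never spliced into the SQL text
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }                                               // statement and result set are closed here
    }

    public static void main(String[] args) {
        // Constructed sample values for request.getParameter("custn").
        String[] samples = { "123", " 123 ", null, "", "12a", "123 extra", "99999999999999999999" };
        for (String s : samples) {
            System.out.println("[" + s + "] -> " + parseAccountNumber(s));
        }
    }
}
```

The main method only exercises the validation step; accountExists needs a live Connection from whatever JDBC driver the application already uses.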


String custn= request.getParameter("custn");       
ResultSet rs = stmt.executeQuery("SELECT * FROM TABLE_T WHERE  ACCT_NO LIKE '"+ custn +"'");

It will work
liltygaAuthor Commented:
Thanks so much you guys! :)
SELECT * FROM TABLE_T  WHERE CURDATE > '2003-01-01:00.00.00' AND CURDATE<= '2003-01-01:23:59:59'