troubleshooting Question

how to avoid concatenation while using prepartstatement

Avatar of srikotesh
srikotesh asked on
Java
10 Comments1 Solution52 ViewsLast Modified:
Hi Experts,

String acct_nos = parameters.get("ACCT_NOS");//this may have multiple acct nos
ResultSet resultSet= null;		
PreparedStatement statement = null;		
statement = con.prepareStatement("select distinct ACCOUNT_NUMBER,CODE from ACCOUNTS " +
				"where ACCOUNT_NUMBER in(" + acct_nos + ")");
statement.execute()

how to avoid concatenation here
when i try with below code it is printing any value

statement = con.prepareStatement("select distinct ACCOUNT_NUMBER,CODE from ACCOUNTS " +
				"where ACCOUNT_NUMBER in(?)");
statement.setString(1,acct_nos);
ResultSet resultSet = statement.getResultSet();
while(resultSet.next()) {
String accno = resultSet.getString(1);
System.out.println("accno is "+accno);
}

Open in new window

ASKER CERTIFIED SOLUTION
ste5an
Senior Developer

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 10 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 10 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros