troubleshooting Question

How to avoid concatenation while using PreparedStatement

srikotesh asked on
Java
Hi Experts,

String acct_nos = parameters.get("ACCT_NOS");//this may have multiple acct nos
ResultSet resultSet= null;		
PreparedStatement statement = null;		
statement = con.prepareStatement("select distinct ACCOUNT_NUMBER,CODE from ACCOUNTS " +
				"where ACCOUNT_NUMBER in(" + acct_nos + ")");
statement.execute();

How to avoid concatenation here?
When I try with the below code, it is printing any value.

statement = con.prepareStatement("select distinct ACCOUNT_NUMBER,CODE from ACCOUNTS " +
				"where ACCOUNT_NUMBER in(?)");
statement.setString(1,acct_nos);
ResultSet resultSet = statement.getResultSet();
while(resultSet.next()) {
String accno = resultSet.getString(1);
System.out.println("accno is "+accno);
}
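
Added example (not part of the original question or its answers): one way to keep the IN list parameterized is to generate one ? placeholder per account number and bind each value separately, so the input never becomes part of the SQL text. The class and method names are hypothetical, and ACCT_NOS is assumed to be a comma-separated string.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class AccountLookup {
    // Assumption: ACCT_NOS arrives as a comma-separated list such as "1001, 1002,1003".
    static List<String> parseAccountNumbers(String acctNos) {
        List<String> values = new ArrayList<>();
        if (acctNos == null) return values;
        for (String part : acctNos.split(",")) {
            String v = part.trim();
            if (!v.isEmpty()) values.add(v);
        }
        return values;
    }

    // One "?" per value: only placeholders are concatenated, never the input itself.
    static String buildQuery(int count) {
        String marks = String.join(",", Collections.nCopies(count, "?"));
        return "select distinct ACCOUNT_NUMBER,CODE from ACCOUNTS "
             + "where ACCOUNT_NUMBER in (" + marks + ")";
    }

    static List<String> findAccountNumbers(Connection con, String acctNos) throws SQLException {
        List<String> values = parseAccountNumbers(acctNos);
        List<String> found = new ArrayList<>();
        if (values.isEmpty()) return found;           // "in ()" is not valid SQL
        try (PreparedStatement statement = con.prepareStatement(buildQuery(values.size()))) {
            for (int i = 0; i < values.size(); i++) {
                statement.setString(i + 1, values.get(i)); // JDBC parameter indexes start at 1
            }
            try (ResultSet resultSet = statement.executeQuery()) { // run the query before reading rows
                while (resultSet.next()) found.add(resultSet.getString(1));
            }
        }
        return found;
    }

    public static void main(String[] args) {
        // Constructed sample input; no database is needed to inspect the generated SQL.
        List<String> values = parseAccountNumbers("1001, 1002,1003");
        System.out.println(buildQuery(values.size()));
        System.out.println(values);
    }
}
```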