Home/ Questions/Q 8624329
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-12T07:30:09+00:00

I am trying to implement PreparedStatement, which won’t work with sql DB. Suppose I

  • 0

I am trying to implement PreparedStatement, which won’t work with sql DB.

Suppose I have the following sql query:

String selectSqlQuery = "SELECT * FROM customer WHERE f1 = ? AND f2 =? AND f3 > ?";

and the following code:

       //----

        prest = con.prepareStatement(selectSqlQuery );
        prest.setString(1, "val1");
        prest.setString(2, "val2");
        prest.setInt(3, 108);
        ResultSet rs = prest.executeQuery();
        //---

My question is how to implement setString and setInt methods for injecting params?

For now I save parameters’ indexes and values into HashMap, but after it I can’t make injection into sql query string.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Since you’re writing your own driver, you can play with your class a little. Let’s change the approach. If you have a query like this one:

    "SELECT * FROM table WHERE id = ? AND name = ?"

    Replace the ? to turn it into

    "SELECT * FROM table WHERE id = {0} AND name = {1}"

    About your set methods, those will have to save your new parameters in an Object array, again matching against the index.

    Object parameterArray = new Object[1];

public boolean setString(int paramIndex, String param) {
    if(paramIndex < 0 || paramIndex > parameterArray.length)
        throw new IllegalArgumentException("Can't set parameter " + paramIndex + ", The query only has " + parameterArray.length + " parameters."); 
    parameterArray[paramIndex - 1] = param;
}

    Before executing the query, take advantage of your formatted string and set the parameters:

    MessageFormat messageFormat = new MessageFormat(query);
String newQuery = messageFormat.format(parameterArray);

    The format method will replace the {number} substrings for the corresponding element in the index represented by the number between brackets.

    • 0