I explain myself… I have a form with fill the query (eg.): SELECT *

Question

0

Editorial Team

Asked: May 27, 20262026-05-27T01:38:24+00:00 2026-05-27T01:38:24+00:00

I explain myself… I have a form with fill the query (eg.): SELECT *

0

I explain myself…

I have a form with fill the query (eg.):

SELECT * 
FROM table 
WHERE id=? AND name=? AND sex=? AND year=? AND class=?

but only the “id” is mandatory, all the other parameter are optional.
How can I fill (or re-create) the prerared statement for that query ???

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-27T01:38:25+00:00

You’d either have to use multiple prepared statements or just create a statement on the fly, checking which parameters you have.

Like this:

String query = "SELECT * FROM table WHERE id=?";
if( nameParameter != null ) {
  query += " AND name=?"; //don't never ever directly add the value here
}
...

Update/Warning: Don’t directly add the parameter values to the query string but use PreparedStatement and the like instead. As displayed above the query string should only contain placeholders for the values (eg. ?) in order to prevent SQL-injection attacks.

What I mean is, do NOT do the following:

if( nameParameter != null ) {
  //NEVER EVER, REALLY I MEAN IT, DON'T DO THIS
  query += " AND name='" + nameParameter + "'"; 
}

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I explain myself… I have a form with fill the query (eg.): SELECT *

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply