I have a search page with multiple search criteria <ol> <li>Employee Name</li> <li>Employee Id</li> <li>Date of joining</li> <li>Department</li> </ol> etc User can provide one or more search criteria. I need to query database to get the search results. Using plain JDBC, there are two options to achieve this. <ol> <li>Prepare SQL query by appending search criteria provided by user.</li> </ol> ex: <pre class="prettyprint"><code>String selectClause = "SELECT * FROM EMPLOYEES WHERE "; String whereClause = ""; if(StringUtils.isNotBlank(empName)){ if(whereClause.length > 0){ whereClause += " AND "; } selectQuery += " EMP_NAME = " + empName; } if(StringUtils.isNotBlank(empID)){ if(whereClause.length > 0){ whereClause += " AND "; } selectQuery += " EMP_ID = " + empID; } //... and so on ... </code></pre> <ol start="2"> <li>Using <code>preparestatement</code> </li> </ol> ex: <pre class="prettyprint"><code>String query = "SELECT * FROM EMPLOYEES WHERE EMP_NAME = ? AND EMP_ID = ? DATE_OF_JOINING = ? AND DEPARTMENT = ?"; </code></pre> This answer explains that like ex 1 above, ex2 can be modified, something like below <pre class="prettyprint"><code>String selectClause = "SELECT * FROM EMPLOYEES WHERE "; String whereClause = ""; if(StringUtils.isNotBlank(empName)){ if(whereClause.length > 0){ whereClause += " AND "; } selectQuery += " EMP_NAME = ?"; } if(StringUtils.isNotBlank(empID)){ if(whereClause.length > 0){ whereClause += " AND "; } selectQuery += " EMP_ID = ?"; } //... and so on ... </code></pre> Then carefully (keeping parameter index in mind) the input needs to set to the prepared statement. This doesn't sounds to be a very ideal solution. Is there a way to do this in an elegant way (without ORM frameworks) ?

I wouldn't like using a <code>StringBuilder</code> to dynamically create a query each and every time, especially when the number of meaningful combinations is countable and finite. I'd always prefer static Strings. Yes, you have to type them in, but you'll do that once. I'd rather do that than pay the price in complexity and at runtime.

Prepared statement with dynamic where clause

I have a search page with multiple search criteria

Employee Name
Employee Id
Date of joining
Department

etc

User can provide one or more search criteria. I need to query database to get the search results.

Using plain JDBC, there are two options to achieve this.

Prepare SQL query by appending search criteria provided by user.

ex:

String selectClause = "SELECT * FROM EMPLOYEES WHERE ";
String whereClause = "";
if(StringUtils.isNotBlank(empName)){
    if(whereClause.length > 0){
        whereClause += " AND ";
    }
    selectQuery += " EMP_NAME = " + empName;
}
if(StringUtils.isNotBlank(empID)){
    if(whereClause.length > 0){
        whereClause += " AND ";
    }
    selectQuery += " EMP_ID = " + empID;
}
//... and so on ...

Using preparestatement

ex:

String query = "SELECT * FROM EMPLOYEES WHERE EMP_NAME = ? AND EMP_ID = ? DATE_OF_JOINING = ? AND DEPARTMENT = ?";

This answer explains that like ex 1 above, ex2 can be modified, something like below

String selectClause = "SELECT * FROM EMPLOYEES WHERE ";
String whereClause = "";
if(StringUtils.isNotBlank(empName)){
    if(whereClause.length > 0){
        whereClause += " AND ";
    }
    selectQuery += " EMP_NAME = ?";
}
if(StringUtils.isNotBlank(empID)){
    if(whereClause.length > 0){
        whereClause += " AND ";
    }
    selectQuery += " EMP_ID = ?";
}
//... and so on ...

Then carefully (keeping parameter index in mind) the input needs to set to the prepared statement. This doesn't sounds to be a very ideal solution.

Is there a way to do this in an elegant way (without ORM frameworks) ?

Is PreparedStatement suitable for dynamic SQL?

Prepared statements are interesting from a stored programming perspective because they allow us to create dynamic SQL calls. The SQL text may contain placeholders for data values that must be supplied when the SQL is executed.

WHERE clause in PreparedStatement Java?

To execute a statement with Where clause using PreparedStatement. Prepare the query by replacing the value in the clause with place holder “?” and, pass this query as a parameter to the prepareStatement() method.

Which statements are executed by dynamic SQL?

Native dynamic SQL enables you to place dynamic SQL statements directly into PL/SQL code. These dynamic statements include DML statements (including queries), PL/SQL anonymous blocks, DDL statements, transaction control statements, and session control statements.

I wouldn't like using a StringBuilder to dynamically create a query each and every time, especially when the number of meaningful combinations is countable and finite.

I'd always prefer static Strings. Yes, you have to type them in, but you'll do that once. I'd rather do that than pay the price in complexity and at runtime.

In such conditions I prefer adding 1=1 in where clause so that you dont have to keep track of where to insert AND.

String selectClause = "SELECT * FROM EMPLOYEES WHERE 1=1 ";
if(StringUtils.isNotBlank(empName)){
   selectQuery += "AND EMP_NAME = " + empName;
}
if(StringUtils.isNotBlank(empID)){
   selectQuery += "AND EMP_ID = " + empID;
}
//... and so on ...

Prepared statement with dynamic where clause

Tags:

java

sql

prepared-statement

Apurv

People also ask

2 Answers

duffymo

Ajinkya

Recent Activity

Donate For Us

Prepared statement with dynamic where clause

Tags:

java

sql

prepared-statement

Apurv

People also ask

2 Answers

duffymo

Ajinkya

Related questions

Recent Activity

Donate For Us