Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SQL Prepared Statement to Create Table

I wanted to know of some way to create table on the fly based on user input(SQL Prepared Statement)

CREATE TABLE ? (
  First_Name char(50),
  Last_Name char(50)
)

What should i put in place of question mark

like image 700
Mohit Bansal Avatar asked Sep 07 '10 03:09

Mohit Bansal


People also ask

Can we create a table with prepared statement?

A JDBC PreparedStatement example to create a table in the database. A table 'employee' is created.

What is a prepared statement in SQL?

A prepared statement is a feature used to execute the same (or similar) SQL statements repeatedly with high efficiency. Prepared statements basically work like this: Prepare: An SQL statement template is created and sent to the database. Certain values are left unspecified, called parameters (labeled "?").

What is prepared statement and create it in JDBC?

The PreparedStatement interface extends the Statement interface it represents a precompiled SQL statement which can be executed multiple times. This accepts parameterized SQL quires and you can pass 0 or more parameters to this query.

Can we use prepared statement for select query?

To retrieve data from a table using a SELECT statement with parameter markers, you use the PreparedStatement.


1 Answers

PreparedStatement placeholders are not intended for table names nor column names, they are only intended for actual column values.

So you would have to create the (prepared) statement string dynamically, which means your application will be vulnerable to SQL injection. Depending on how the application is supposed to be used - and by who - this could be a BIG problem.

Related question

  • How do I sanitize SQL without using prepared statements
like image 141
Pascal Thivent Avatar answered Sep 21 '22 21:09

Pascal Thivent