I wanted to know of some way to create table on the fly based on user input(SQL Prepared Statement)
CREATE TABLE ? (
First_Name char(50),
Last_Name char(50)
)
What should i put in place of question mark
A JDBC PreparedStatement example to create a table in the database. A table 'employee' is created.
A prepared statement is a feature used to execute the same (or similar) SQL statements repeatedly with high efficiency. Prepared statements basically work like this: Prepare: An SQL statement template is created and sent to the database. Certain values are left unspecified, called parameters (labeled "?").
The PreparedStatement interface extends the Statement interface it represents a precompiled SQL statement which can be executed multiple times. This accepts parameterized SQL quires and you can pass 0 or more parameters to this query.
To retrieve data from a table using a SELECT statement with parameter markers, you use the PreparedStatement.
PreparedStatement placeholders are not intended for table names nor column names, they are only intended for actual column values.
So you would have to create the (prepared) statement string dynamically, which means your application will be vulnerable to SQL injection. Depending on how the application is supposed to be used - and by who - this could be a BIG problem.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With