
What does "=?" represent when used in an SQL query

I'm fairly new to SQL and I'm currently reworking a Java program that another programmer has developed. When I print one of his query select statements the script contains SQL syntax:

SELECT * from database WHERE id = ?

I just want to know what =? is supposed to do. I've been googling around and I can't find any relevant answer.

ides asked Feb 22 '23 15:02


2 Answers

It's not a SQL notation, but a JDBC (Java Database Connectivity) notation. The ? gets replaced with a parameter that is specified separately. Using this approach, instead of trying to substitute the parameter yourself into the string, helps prevent the risk of SQL injection.

ruakh answered Feb 24 '23 06:02


The ? is a placeholder, a parameter, so that you can pass it in dynamically and return different results for different parameters.

Somewhere in the code you should see that he adds the parameter to the Statement object and executes it.

Icarus answered Feb 24 '23 04:02