Java – SQL prepared statement for creating tables

I want to know some methods of dynamically creating tables based on user input (SQL prepared statement):

CREATE TABLE ? (
  First_Name char(50),Last_Name char(50)
)

What should I use instead of a question mark?

Solution

PreparedStatement placeholders do not apply to table or column names; they are only used for actual column values.

Therefore, you must dynamically create the (prepared) statement string, which means that your application will be vulnerable to SQL injection attacks. Depending on how the application should be used – and by whom – this can be a big problem.

Related issues

> How do I sanitize SQL without using prepared statements?
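
One way to limit the injection risk when the table name has to be concatenated into the statement is to accept only names that match a strict identifier allowlist. The following is an added example, not code from the original answer; the class name `SafeCreateTable`, its method names and the identifier policy (a letter followed by letters, digits or underscores, at most 30 characters) are assumptions, and the sample inputs are constructed.

```java
import java.util.regex.Pattern;

public class SafeCreateTable {

    // Assumed policy: starts with a letter, then letters, digits or '_', 30 chars max.
    // Quotes, spaces, semicolons, parentheses and comment markers can never match.
    private static final Pattern IDENTIFIER = Pattern.compile("[A-Za-z][A-Za-z0-9_]{0,29}");

    // Returns the name unchanged if it is a plain identifier, otherwise throws.
    static String checkedIdentifier(String userInput) {
        if (userInput == null || !IDENTIFIER.matcher(userInput).matches()) {
            throw new IllegalArgumentException("table name rejected by identifier allowlist");
        }
        return userInput;
    }

    // Builds the DDL from the question. Only the validated table name is
    // concatenated; the column list is fixed text, not user input.
    static String createTableSql(String userInput) {
        String table = checkedIdentifier(userInput);
        return "CREATE TABLE " + table
                + " (First_Name char(50), Last_Name char(50))";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one plain name and three that must be rejected.
        String[] samples = {
            "customers_2024",
            "t (x int); DROP TABLE users; --",
            "bad\"name",
            ""
        };
        for (String sample : samples) {
            try {
                // With a live connection the string would go to
                // java.sql.Statement.executeUpdate(sql); no database is used here.
                System.out.println("OK       " + createTableSql(sample));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECTED [" + sample + "]: " + e.getMessage());
            }
        }
    }
}
```

A name that passes the pattern can still be a reserved word in a given database; that causes a syntax error from the driver rather than an injection, and the account that runs the DDL should hold no more privileges than creating tables in its own schema.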
