Remove quotes from string query JSP

Question

I am trying to write some site with connections to DB MySql and met the next trouble - when I make query with early formed String, MySql writes smth like "You need to remove quotes". I understand that I send to DB not a liniar string, but object type String, what way can I avoid this problem:

<sql:setDataSource var="con" driver="com.mysql.jdbc.Driver"
url="jdbc:mysql://localhost/PosPromo"
user="root"  password="qwerty"/>

// here I am waiting an array of integers from another JSP page, they are ID in my DB

<% String [] val =request.getParameterValues("aaa"); %>
<% request.setAttribute("val",val); %>

<%! String str=""; %>
<% for (int j=0;j<val.length;j++){
    if (j==(val.length-1)){
        str+=" id="+String.valueOf(val[j]);
        break;
    }
    str+=" id="+String.valueOf(val[j])+" OR";       
}
%>
<%str="SELECT * FROM action WHERE "+str+";";%>  

// here I obtain string smth like "SELECT * FROM action WHERE id=3;" which realy works in DB

<c:set var="que" value="str"/>

<sql:query dataSource="${con}" var="result">
    "${que}";
</sql:query>

RUN and here appear inscription " You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"que"' at line 1"

Answer 1

Change your sql tag to below :

<sql:query dataSource="${con}" var="result">
    ${que}
</sql:query>