I want to fetch data from the database by using a variable string. It shows an error.
String a=request.getParameter("from");
ResultSet resultset= statement.executeQuery("select * from flight where f = $a") ;
If you want to use the value of the a variable where you have $a, you need to use a prepared statement and fill it in:
String a = request.getParameter("from");
PreparedStatement ps = connection.prepareStatement( // Create a prepared statement
    "select * from flight where f = ?"              // Using ? for where the
);                                                  // parameter goes
ps.setString(1, a);                                 // Fill in the value (they
                                                    // start at 1, oddly)
ResultSet resultset = ps.executeQuery();            // Execute the query
Note that even though it's a string, you don't put quotes around the ?. The PreparedStatement handles that for you at the DB driver level, in a way that's safe from SQL injection.
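The difference between concatenating the value into the SQL text and binding it as a parameter, shown side by side as an added example that is not part of the original answer. The flight table and f column come from the question; the class name FlightLookup, the helper methods, the sample rows and the in-memory H2 JDBC URL (H2 driver assumed on the classpath) are constructed for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class FlightLookup {
    // Weak form: the value becomes part of the SQL text, so a quote inside it is parsed as SQL.
    static int countConcatenated(Connection c, String from) throws SQLException {
        String sql = "select * from flight where f = '" + from + "'";
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return countRows(rs);
        }
    }

    // Corrected form: the SQL text is fixed and the value is bound as data for parameter 1.
    static int countPrepared(Connection c, String from) throws SQLException {
        try (PreparedStatement ps = c.prepareStatement("select * from flight where f = ?")) {
            ps.setString(1, from);
            try (ResultSet rs = ps.executeQuery()) {
                return countRows(rs);
            }
        }
    }

    static int countRows(ResultSet rs) throws SQLException {
        int n = 0;
        while (rs.next()) n++;
        return n;
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 in-memory database; any JDBC URL with a flight(f) table works.
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = c.createStatement()) {
                st.execute("create table flight (f varchar(32))");
                st.execute("insert into flight values ('Delhi'), ('Pune')");
            }
            // Constructed inputs: an ordinary value and one containing a quote.
            for (String from : new String[] {"Delhi", "x' or '1'='1"}) {
                System.out.printf("%-14s concatenated=%d prepared=%d%n",
                        from, countConcatenated(c, from), countPrepared(c, from));
            }
        }
    }
}
```

For the constructed input containing a quote, the concatenated query matches every row in the table, while the prepared statement compares f against the whole string as a literal and matches none.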