What does “=?” represent when used in an SQL query
Question
I'm fairly new to SQL and I'm currently reworking a java program that another programmer has developed. When I print one of his query select statements the script contains sql syntax:
SELECT * from database WHERE id = ?
I just want know what =? is supposed to do? I've been googling around and I can't find any relevant answer.
5 answers
solution1
5 ACCPTED 2012-02-03 03:45:06
It's not a SQL notation, but a JDBC (Java Database Connectivity) notation. The ? gets replaced with a parameter that is specified separately. Using this approach, instead of trying to substitute the parameter yourself into the string, helps prevent the risk of SQL injection .
solution2
1 2012-02-03 03:43:44
The ? is a place holder, a parameter, so that you can pass it in dynamically and return different results for different parameters.
Somewhere in the code you should see that he adds the parameter to the Statement object and execute it.
solution3
1 2012-02-03 03:46:14
Most likely you are using a tool that will replace the "?" with an actual value. I've seen this in other tools before such as SQL DTS (Data Transformation Services)... but that's showing how old I am :)
The ? is not part of the SQL language.
solution4
1 2012-02-03 06:05:25
The ? is a place holder used in SQL queries when used with JDBC Prepared statement . Using a prepared statement has advantages over the normal statement specially when you use it repeatedly (say in a loop).
solution5
0 2012-02-05 18:14:41
Here is an example :
PreparedStatement ps =
connection.prepareStatement("select name from users where user_name = ?");
ps.setString(1, "user1");
the "?" gets replace by "user1" when the query is run and the first name of the user with user name "user1" is returned.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.