
Dynamic column name using prepared statement + sql query with variable containing 's


My query

attributes.replace(" ' ", "");
//also used SET "+attributes+" 
String sql;
sql = "UPDATE diseaseinfo"
        + " SET ?=?"
        + "WHERE companyname = 'mycom' && diseaseName =?";

PreparedStatement preparedStmt = connects.prepareStatement(sql);
preparedStmt.setString(1, attributes);
preparedStmt.setString(2, attrData);
preparedStmt.setString(3, medname);
System.out.println(preparedStmt);
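
An added example, not part of the original post: JDBC `?` placeholders bind values only, never identifiers, so a dynamic column name has to be checked against a fixed allowlist and concatenated, while the data values stay bound. The class name, method names and the allowlisted column names are hypothetical; the table `diseaseinfo` and the columns `companyname` and `diseaseName` are taken from the question.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Set;

public class DiseaseInfoUpdater {
    // Hypothetical column names: replace with the real updatable columns of diseaseinfo.
    private static final Set<String> UPDATABLE_COLUMNS =
            Set.of("symptoms", "treatment", "dosage");

    // The column name is accepted only if it is an exact member of the allowlist.
    // It is never escaped or "cleaned"; anything not on the list is rejected.
    static String buildUpdateSql(String column) {
        if (column == null || !UPDATABLE_COLUMNS.contains(column)) {
            throw new IllegalArgumentException("column not allowed: " + column);
        }
        return "UPDATE diseaseinfo SET " + column + " = ?"
             + " WHERE companyname = 'mycom' AND diseaseName = ?";
    }

    // Values are bound with setString, so a value containing ' needs no stripping.
    static int updateAttribute(Connection conn, String column,
                               String value, String diseaseName) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(buildUpdateSql(column))) {
            ps.setString(1, value);
            ps.setString(2, diseaseName);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs; this part runs without a database connection.
        System.out.println(buildUpdateSql("symptoms"));
        try {
            // A name that is not on the allowlist (here one containing ') is refused.
            buildUpdateSql("doctor's notes");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

`updateAttribute` needs an open `Connection` from whatever JDBC driver the application already uses; `main` only exercises the allowlist check.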