在表SQL查询中转义单引号 [英] Escaping single quotes in table SQL queries
问题描述
使用java.sql.Preparedstatement
表示在解析查询时将转义字符,当我的数据中有单引号但表名本身中有单引号时,查询也将无法正常工作(我我正在使用Oracle 11g).
Using java.sql.Preparedstatement
implies the escaping of characters will be done while parsing the queries, this does happen also when I have single quotes in my data but when I have single quotes in my table name itself the query does not work (I am using Oracle 11g).
这是我的代码:
Class.forName("oracle.jdbc.OracleDriver");
con = DriverManager.getConnection(
"jdbc:oracle:thin:client/adept@ind-db-02:1521:ind02");
PreparedStatement preparedStatement = con.prepareStatement(
"SELECT * FROM (?) where rownum=1");
preparedStatement.setString(1,"CLIENT.\"SR'tab\"");
ResultSet rs3=preparedStatement.executeQuery();
是否可以使用准备好的语句将表名中的单引号转义?
Is there any way of escaping single quotes from the table name using a prepared statement?
推荐答案
PreparedStatement占位符不适用于表名或列名,它们仅适用于实际列值.换句话说,您实际上是在滥用PreparedStatement.
PreparedStatement placeholders are not intended for table names nor column names, they are only intended for actual column values. In other words, you are actually misusing PreparedStatement.
这篇关于在表SQL查询中转义单引号的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!