PreparedStatement.setString()方法,不带引号 [英] PreparedStatement.setString() method without quotes
问题描述
我正在尝试使用带有类似于以下代码的PreparedStatement:
I'm trying to use a PreparedStatement with code similar to this:
SELECT * FROM ? WHERE name = ?
很明显,当我使用setString()设置表和名称字段时会发生以下情况:
Obviously, what happens when I use setString() to set the table and name field is this:
SELECT * FROM 'my_table' WHERE name = 'whatever'
,查询不起作用.有没有一种方法可以设置不带引号的字符串,使行如下所示:
and the query doesn't work. Is there a way to set the String without quotes so the line looks like this:
SELECT * FROM my_table WHERE name = 'whatever'
还是我应该放弃它,而使用常规语句(参数来自系统的另一部分,用户均未输入)?
or should I just give it up and use the regular Statement instead (the arguments come from another part of the system, neither of those is entered by a user)?
推荐答案
参数不能用于参数化表或参数化任何数据库对象.它们主要用于参数化WHERE/HAVING子句.
Parameters cannot be used to parameterize the table, or parameterize any database objects. They're mostly used for parameterizing WHERE/HAVING clauses.
要执行所需的操作,您需要自己进行替换并根据需要创建一条常规语句.
To do what you want, you'll need to do the substitution yourself and create a regular statement as needed.
当您使用准备好的语句时,这是对数据库的提示,可以对语句进行前期处理-例如解析字符串,并可能确定执行计划.如果查询中使用的对象可以动态更改,则数据库无法做很多前期准备.
When you use a prepared statement, this is a hint to the database to do up front processing on the statement - e.g. parse the string and possibly determine an execution plan. If the objects used in the query can change dynamically, then the database could not do much up front preparation.
这篇关于PreparedStatement.setString()方法,不带引号的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!