PreparedStatement.setString()方法，不带引号 [英] PreparedStatement.setString() method without quotes

问题描述

我正在尝试使用带有类似于以下代码的PreparedStatement:

I'm trying to use a PreparedStatement with code similar to this:

SELECT * FROM ? WHERE name = ?

很明显，当我使用setString()设置表和名称字段时会发生以下情况:

Obviously, what happens when I use setString() to set the table and name field is this:

SELECT * FROM 'my_table' WHERE name = 'whatever'

，查询不起作用.有没有一种方法可以设置不带引号的字符串，使行如下所示:

and the query doesn't work. Is there a way to set the String without quotes so the line looks like this:

SELECT * FROM my_table WHERE name = 'whatever'

还是我应该放弃它，而使用常规语句(参数来自系统的另一部分，用户均未输入)?

or should I just give it up and use the regular Statement instead (the arguments come from another part of the system, neither of those is entered by a user)?

推荐答案

参数不能用于参数化表或参数化任何数据库对象.它们主要用于参数化WHERE/HAVING子句.

Parameters cannot be used to parameterize the table, or parameterize any database objects. They're mostly used for parameterizing WHERE/HAVING clauses.

要执行所需的操作，您需要自己进行替换并根据需要创建一条常规语句.

To do what you want, you'll need to do the substitution yourself and create a regular statement as needed.

当您使用准备好的语句时，这是对数据库的提示，可以对语句进行前期处理-例如解析字符串，并可能确定执行计划.如果查询中使用的对象可以动态更改，则数据库无法做很多前期准备.

When you use a prepared statement, this is a hint to the database to do up front processing on the statement - e.g. parse the string and possibly determine an execution plan. If the objects used in the query can change dynamically, then the database could not do much up front preparation.

这篇关于PreparedStatement.setString()方法，不带引号的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！