Skip site navigation (1) Skip section navigation (2)

Re: Can't use a variable for a column name?

From: "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at>
To: <cmattmiller(at)gmail(dot)com>,<pgsql-jdbc(at)postgresql(dot)org>
Subject: Re: Can't use a variable for a column name?
Date: 2008-04-25 06:39:54
Message-ID: D960CB61B694CF459DCFB4B0128514C2020A7768@exadv11.host.magwien.gv.at (view raw or flat)
Thread:
Lists: pgsql-jdbc
Chris wrote:
> A user enters a name into a textfield and clicks on a "Find" 
> button.  Depending on which text field the user entered the 
> data, the appropriate column name in the table is used for 
> fieldName and the entered text is passName.  However, the 
> fieldName doesn't return anything.  But if I replace 
> fieldName with the column name ("WHERE first_name='"), the 
> program returns values.  Can't we use variables for column 
> names or do I have to just put it all in an if/else statement?
> 
> Here is my code:
> 
>               result = fe.executeQuery("SELECT first_name, last_name, emp_nbr, emp_type_code, emp_status_code, emp_work_center " +
>                                             "FROM employee " +
>                                             "WHERE '"+fieldName+"'='"+passName+"'");

I'm not 100% certain if I understood you right, but if I did,
the statement should look like this:

result = fe.executeQuery("SELECT first_name, last_name, emp_nbr, emp_type_code, emp_status_code, emp_work_center " +
                         "FROM employee " +
                         "WHERE "+fieldName+"='"+passName+"'");

Also, be aware that this is wide open to SQL injection, unless you
double single quotes in fieldName and passName first.

Yours,
Laurenz Albe

In response to

Responses

pgsql-jdbc by date

Next:From: Daniel MigowskiDate: 2008-04-25 07:11:37
Subject: Re: Expressiveness of SQLException
Previous:From: Oliver JowettDate: 2008-04-24 21:19:52
Subject: Re: Expressiveness of SQLException

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group