Creating a Parameterized SQL Query Using PreparedStatement

    // Requires: import java.sql.PreparedStatement; import java.sql.ResultSet;
    // conn - an already-open database connection (java.sql.Connection)
    PreparedStatement stmnt = null;
    ResultSet rs = null;
    try {
        // '?' marks the position of a parameter.
        stmnt = conn.prepareStatement("SELECT firstName FROM employees WHERE salary > ?");
        // Bind the parameter value. Note that indexes start at "1" for the first parameter.
        // The query runs as "SELECT firstName FROM employees WHERE salary > 300",
        // with 300 sent as a bound value rather than spliced into the SQL text.
        stmnt.setInt(1, 300);
        // Execute the query and get the ResultSet.
        rs = stmnt.executeQuery();
    } catch (Exception ex) {
        System.err.println("Database exception: " + ex);
    }
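The same query with the threshold arriving as untrusted text, shown as an added example (not code from the original tip): the string-concatenated form beside the bound-parameter form, with try-with-resources closing the statement and result set. The class name, method names, and the JDBC URL and threshold passed on the command line are assumptions; a JDBC driver and an `employees` table are assumed to exist.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

public class SalaryQuery {   // hypothetical class name
    // Unsafe: the caller's text becomes part of the SQL statement itself,
    // so the database parses it as SQL rather than as a value.
    static List<String> namesUnsafe(Connection conn, String minSalary) throws SQLException {
        String sql = "SELECT firstName FROM employees WHERE salary > " + minSalary;
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return readNames(rs);
        }
    }

    // Safe: the SQL text is fixed and the value is sent separately as an int.
    // Non-numeric input fails in Integer.parseInt before any query runs.
    static List<String> namesBound(Connection conn, String minSalary) throws SQLException {
        int min = Integer.parseInt(minSalary.trim());
        String sql = "SELECT firstName FROM employees WHERE salary > ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setInt(1, min);   // parameter indexes start at 1
            try (ResultSet rs = ps.executeQuery()) {
                return readNames(rs);
            }
        }
    }

    private static List<String> readNames(ResultSet rs) throws SQLException {
        List<String> names = new ArrayList<>();
        while (rs.next()) {
            names.add(rs.getString("firstName"));
        }
        return names;
    }

    // Assumption: args[0] is a JDBC URL, args[1] is the threshold as typed by a user.
    public static void main(String[] args) throws SQLException {
        try (Connection conn = DriverManager.getConnection(args[0])) {
            System.out.println(namesBound(conn, args[1]));
        }
    }
}
```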
