db-derby-user mailing list archives

From Bryan Pendleton <bpendleton.de...@gmail.com>
Subject Re: Counting a subset of records
Date Wed, 05 Dec 2018 03:25:48 GMT
If Search_ID is a value, then it either has to be a literal value
enclosed in quotation marks, or a variable value which is substituted
into the statement using a PreparedStatement and a setString() call.

Remember to avoid constructing variable values in SQL statements by
string concatenation, for you are vulnerable to SQL Injection that
way.

bryan

On Tue, Dec 4, 2018 at 6:01 PM Bob M <rgmatthews@orcon.net.nz> wrote:
>
> I have a table with a particular column named ID
>
> The records in the table have an integer in the field and there may be
> several records with the same integer value
>
> I am using the following code where Search_ID has just been
> calculated...
>
> ps = conn.prepareStatement("SELECT COUNT(*) from table_name where ID =
> Search_ID");
>
> The program falters on this line and I am unclear why?
>
> Bob M
>
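A complete version of the parameterized approach Bryan describes, added here as an example (it is not code from either poster). It assumes Derby's embedded driver (derby.jar) is on the classpath and that ID is an INT column as Bob describes, so the value is bound with setInt() rather than setString(); the table name table_name is taken from Bob's message.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class CountById {

    // Count rows whose ID column equals searchId. The "?" placeholder is
    // filled by setInt(), so the driver sends the value separately from the
    // SQL text; the input can never change the shape of the statement.
    // Compare the pattern Bryan warns against:
    //   "SELECT COUNT(*) FROM table_name WHERE ID = " + searchId
    // which splices the value into the SQL string itself.
    static int countById(Connection conn, int searchId) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(
                "SELECT COUNT(*) FROM table_name WHERE ID = ?")) {
            ps.setInt(1, searchId);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();            // COUNT(*) always yields exactly one row
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Embedded in-memory Derby database (assumed setup); nothing touches disk.
        try (Connection conn = DriverManager.getConnection(
                "jdbc:derby:memory:demo;create=true")) {
            try (Statement st = conn.createStatement()) {
                // Constructed sample data: two rows share ID 7, one row has ID 42.
                st.executeUpdate("CREATE TABLE table_name (ID INT NOT NULL)");
                st.executeUpdate("INSERT INTO table_name VALUES (7), (7), (42)");
            }
            int searchId = 7;   // stands in for the value Bob's program computes
            System.out.println("rows with ID = " + searchId + ": "
                    + countById(conn, searchId));
        }
    }
}
```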
