PreparedStatement is not working when i do setString but works when its hard-coded

Question

this doesn't work ( says java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''tb1' set 'name' = 'newName' where 'id' = 0000' at line ... ) >

        String queryUpdate = "update ? set ? = ? where ? = ?";
        preparedStmtUpdate.setString(1, "tb1");
        preparedStmtUpdate.setString(2, "name");
        preparedStmtUpdate.setString(3, "newName");
        preparedStmtUpdate.setString(4, "id");
        preparedStmtUpdate.setInt(5, 0000);

this does work >

       String queryUpdate = "update tb1 set named = 'newName' where id = 0000";

then executing it >

  PreparedStatement preparedStmtUpdate = con.prepareStatement(queryUpdate);
  preparedStmtUpdate.executeUpdate();

Question: also why does it adds 'value' (quotes) when i try printing the PreparedStatement object? and why is it still adding it the error message?

See this https://stackoverflow.com/questions/11312155/how-to-use-a-tablename-variable-for-a-java-prepared-statement-insert — lucumt, Aug 04 '18 at 10:22

score 0 · Answer 1 · answered Aug 04 '18 at 10:35

0

You can't use ? to dynamic table name. You need to construct the SQL with string concatenation/placeholder with String.format. A prepared statement is for the column values not for a table name.

answered Aug 04 '18 at 10:35

Sagar Vaghela

1,017
5
18
35

1

...which is almost 1:1 what the accepted answer in the linked duplicate says. – Marvin Aug 04 '18 at 10:49

PreparedStatement is not working when i do setString but works when its hard-coded

1 Answers1