Anonymous user
Parameterized SQL statement: Difference between revisions
→{{header|Java}}
(→{{header|Clojure}}: Removed the improve tag. I don't know why that tag was added, but both update! and execute! examples make use of prepared statements and are fully parameterized.) |
|||
Line 367:
}</lang>
▲<lang java>import java.sql.DriverManager;
import java.sql.Connection;
import java.sql.PreparedStatement;
public class DBDemo {
private String protocol; //set this to some connection protocol like "jdbc:sqlserver://"
private String dbName; //set this to the name of your database
Line 379 ⟶ 377:
private String password;
Connection conn = DriverManager.getConnection(protocol + dbName, username, password);▼
PreparedStatement query;
public int setUpAndExecPS(){▼
try {
▲ Connection conn = DriverManager.getConnection(protocol + dbName, username, password);
query = conn.prepareStatement(▼
▲ public int setUpAndExecPS(){
▲ query = conn.prepareStatement(
"UPDATE players SET name = ?, score = ?, active = ? WHERE jerseyNum = ?");
query.setString(1, "Smith, Steve");//automatically sanitizes and adds quotes▼
query.setBoolean(3, true);▼
query.setInt(4, 99);
//there are similar methods for other SQL types in PerparedStatement▼
return query.executeUpdate();//returns the number of rows changed▼
//PreparedStatement.executeQuery() will return a java.sql.ResultSet,▼
//execute() will simply return a boolean saying whether it succeeded or not▼
} catch (Exception e) {
▲ query.setString(1, "Smith, Steve");//automatically sanitizes and adds quotes
}
▲ query.setBoolean(3, true);
▲ query.setInt(4, 99);
▲ //there are similar methods for other SQL types in PerparedStatement
return 0;
▲ return query.executeUpdate();//returns the number of rows changed
▲ //PreparedStatement.executeQuery() will return a java.sql.ResultSet,
▲ //execute() will simply return a boolean saying whether it succeeded or not
}
}
=={{header|Julia}}==
|