Java PreparedStatement complaining about SQL syntax on execute()

Question

This is driving me nuts... What am I doing wrong here?

ArrayList toAdd = new ArrayList();
toAdd.add(\"password\");
try{
    Prepa         


        

Answer 1

The MySQL manual clearly says that ? (parameter markers) are for binding data values only, not for column names.

Parameter markers can be used only where data values should appear, not for SQL keywords, identifiers, and so forth.

So you will have to use your second approach.

Answer 2

Try using the following

pStmt.executeUpdate();

pStmt.close();

Answer 3

You cannot submit an ALTER TABLE statement using parameters like this.

I guess it is not permissible to execute DDL statements in Java PreparedStatement.

Answer 4

When using a prepared statement, your parameter is treated similarily to a string literal. As a result, your statement is equivalent to "ALTER TABLE testTable ADD \'"+s+"\' varchar(100)". Notice the single quotations around the field name in the error message.

I would suggest building a literal statement in this case, and not attempting to used a prepared statement.

Answer 5

Prepared statements need to define a fixed structure so they can be precompiled. That means you can have variable values, but never variable table names, column names, function names etc.

Answer 6

Placeholders in JDBC are for data, not for table, column, view or function names. And for good reason. The DB schema of an application is static most of the time and only changes rarely. There are no benefits making them dynamic.