Advanced parametrization in JDBC PreparedStatements [duplicate]

Answer 1

The short answer is that you cannot parameterize a tablename in a prepared statement. You have to contruct the sql with string concatenation. Basically prepared statements are used for column values and not for the table names.

The best I can think of is to use string.format like this:

String sql = String.format("select * from $1%s",  yourtable);

Answer 2

We could do in the following way

 "select * from "+table_name+" where id=?";

PreparedStatement allow you to provide dynamic query parameters in where clause only

Answer 3

If you have your PreparedStatement with an SQL query as you stated you can do:

int yourID = 1;
String tablename = "table";
String query = "SELECT * FROM " + tableName + " where id = ?";´
PreparedStatement statement = con.prepareStatement(query);
statement.setInt(1, yourID);

It will replace the ? with 1. If you have multiple ? you can set those like

statement.setString(2, "YourString");

Check http://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html for more Information.

Answer 4

Use placeholder in place of table name and then replacing that with your tablename.

String strQuery = "INSERT INTO $tableName (col1, col2)
                   VALUES (?,?);";

and replace when you come to know the tablename as below:

String query =strQuery.replace("$tableName",tableName);
stmt =connection.prepareStatement(query);

Answer 5

String table_name= // get tablename 
String sql= "select * from" +table_name+" where id=?";