Parameterized placeholders in prepared statements can only be used for
values, not for database objects such as table names or column names.
You can use string concatenation, but please verify the column name before
adding it, or it might lead to SQL injection.
PreparedStatement preparedStatement = null;
Hello!
JDBC parameters can only be used to specify values (literals). They cannot
be used to specify identifiers; identifiers (including names of columns)
aren't parameterizable.
Also, your decision to create a separate column for each user looks like a
bad idea; usually you shouldn't store data in
Greetings.
To the best of my knowledge, you can use Parameters only for QUERIES and DML,
but not for DDL statements.
Although you can have a look
at https://github.com/manticore-projects/MJdbcUtils which I wrote
exactly for this kind of challenge.
It rewrites your parameterised SQL Statement and I use
The following code is what I'm using for the alter table, nothing special,
but it results in an exception:
Caused by: org.h2.jdbc.JdbcSQLSyntaxErrorException: Syntax error in SQL
statement "ALTER TABLE TableName ADD [*]? BOOLEAN"; expected "identifier";
SQL statement:
ALTER TABLE TableName ADD ?
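
The approach suggested in the replies above (concatenate the column name, but only after verifying it), shown as an added example that is not code from the thread or from any project mentioned in it. The class name, the identifier pattern and the table allowlist are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Set;
import java.util.regex.Pattern;

public class AddColumnExample {
    // Assumption: column names are limited to plain ASCII identifiers.
    private static final Pattern SAFE_IDENTIFIER =
            Pattern.compile("[A-Za-z_][A-Za-z0-9_]{0,62}");

    // Assumption: the application only ever alters the tables listed here.
    private static final Set<String> ALLOWED_TABLES = Set.of("TableName");

    /** Returns the name unchanged if it is a plain identifier, otherwise throws. */
    static String requireSafeIdentifier(String name) {
        if (name == null || !SAFE_IDENTIFIER.matcher(name).matches()) {
            throw new IllegalArgumentException("Rejected identifier: " + name);
        }
        return name;
    }

    /** Builds the DDL text. Identifiers cannot be bound with '?', so they are
     *  checked first and only then concatenated into the statement. */
    static String buildAddBooleanColumn(String table, String column) {
        if (!ALLOWED_TABLES.contains(table)) {
            throw new IllegalArgumentException("Table not in allowlist: " + table);
        }
        return "ALTER TABLE " + table + " ADD " + requireSafeIdentifier(column) + " BOOLEAN";
    }

    /** Runs the DDL with a plain Statement; no placeholders are involved. */
    static void addBooleanColumn(Connection conn, String table, String column)
            throws SQLException {
        String ddl = buildAddBooleanColumn(table, column);
        try (Statement st = conn.createStatement()) {
            st.execute(ddl);
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; this part needs no database connection.
        System.out.println(buildAddBooleanColumn("TableName", "user_42"));
        try {
            buildAddBooleanColumn("TableName", "name BOOLEAN; --");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A name that passes the pattern but is a reserved word still fails with a syntax error from the database, which is a safe failure rather than an injection.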