Prepared statements are for value substitution (col = ?), 
not column name substitution (? = '').

Your select statement would expand to:

 SELECT 'col' AS answer FROM survey_3 WHERE 'col' != '';

which would (correctly) output the string literal 'col' once
for every row in the table since 'col' != '' is true.

You have to build your own query strings for this.

--- rpitting <[EMAIL PROTECTED]> wrote:
> I'm having trouble setting the parameters when using a
> PreparedStatement with escaped fieldnames.
> 
> My Code looks like this:
> 
> PreparedStatement statement = connection.prepareStatement(
>     " SELECT ? AS answer FROM survey_3 WHERE ? !='' ");
> 
> for (String fieldName : fieldNames) {
>   String escFieldName = escape(fieldName);
>   statement.setString(1, escFieldName);
>   statement.setString(2, escFieldName);
>   results = statement.executeQuery();
>   while (results.next()) {
>     String answer = results.getString("answer");
>   }
> }
> 
> Other than expected, the result is a list (length = all existing rows
> in the table) containing just the escaped fieldname (like `3X3X14`).
> 
> When creating the query by hand (i. e. concatenating the string), the
> result is as expected and correct.
> 
> Using an unescaped fieldname also does not work: the result is as
> described above, but this time without the quotes.
> 
> Do you have a solution for this - or do I have to use hand-crafted
> queries?
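
One way to build the query string by hand, as the reply recommends (an added example, not code from either poster): each field name is checked against the table's real columns and quoted as an identifier, while the compared value still goes through a `?`. It assumes a sqlite-jdbc driver on the classpath; the class name, helper names and sample rows are constructed for illustration.

```java
import java.sql.*;
import java.util.*;

public class ColumnQuery {
    // Column names actually present in the table, read from JDBC metadata.
    static Set<String> columnsOf(Connection c, String table) throws SQLException {
        Set<String> cols = new HashSet<>();
        try (ResultSet rs = c.getMetaData().getColumns(null, null, table, "%")) {
            while (rs.next()) cols.add(rs.getString("COLUMN_NAME"));
        }
        return cols;
    }

    // Build the per-column query text. The name must be a known column: SQLite
    // may treat an unmatched double-quoted name as a string literal, which would
    // reproduce the symptom from the thread. Embedded quotes are doubled.
    static String queryFor(Set<String> allowed, String column) {
        if (!allowed.contains(column))
            throw new IllegalArgumentException("unknown column: " + column);
        String ident = "\"" + column.replace("\"", "\"\"") + "\"";
        return "SELECT " + ident + " AS answer FROM survey_3 WHERE " + ident + " != ?";
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample data in an in-memory database.
        try (Connection c = DriverManager.getConnection("jdbc:sqlite::memory:");
             Statement s = c.createStatement()) {
            s.executeUpdate("CREATE TABLE survey_3 (\"3X3X14\" TEXT, \"3X3X15\" TEXT)");
            s.executeUpdate("INSERT INTO survey_3 VALUES ('yes',''), ('','no'), ('maybe','no')");
            Set<String> allowed = columnsOf(c, "survey_3");
            for (String field : Arrays.asList("3X3X14", "3X3X15")) {
                // One statement per column: the identifier is part of the SQL text.
                try (PreparedStatement ps = c.prepareStatement(queryFor(allowed, field))) {
                    ps.setString(1, "");   // values are still bound through ?
                    try (ResultSet rs = ps.executeQuery()) {
                        while (rs.next())
                            System.out.println(field + ": " + rs.getString("answer"));
                    }
                }
            }
        }
    }
}
```

Field names that come from outside the program never reach the SQL text unless they match a column the database itself reports.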
