Problems with PreparedStatement - Java

Question

Im trying to use PreparedStatement to my SQLite searches. Statement works fine but Im getting problem with PreparedStatement.

this is my Search method:

public void searchSQL(){
        try {
            ps = conn.prepareStatement("select * from ?");
            ps.setString(1, "clients");
            rs = ps.executeQuery();
        } catch (SQLException ex) {
            ex.printStackTrace();
        }
    }

but Im getting this error:

java.sql.SQLException: near "?": syntax error at org.sqlite.DB.throwex(DB.java:288) at org.sqlite.NestedDB.prepare(NestedDB.java:115) at org.sqlite.DB.prepare(DB.java:114) at org.sqlite.PrepStmt.(PrepStmt.java:37) at org.sqlite.Conn.prepareStatement(Conn.java:231) at org.sqlite.Conn.prepareStatement(Conn.java:224) at org.sqlite.Conn.prepareStatement(Conn.java:213)

thx

Answer 1

Columns Parameters can be ? not the table name ; Your method must look like this :

public void searchSQL()
{
    try 
    {
        ps = conn.prepareStatement("select * from clients");
        rs = ps.executeQuery();
    }
    catch (SQLException ex) 
    {
        ex.printStackTrace();
    }
}

Here if I do it like this, it's working fine, see this function :

public void displayContentOfTable()
{
    java.sql.ResultSet rs = null;
    try
    {
        con = this.getConnection();
        java.sql.PreparedStatement pstatement = con.prepareStatement("Select * from LoginInfo");
        rs = pstatement.executeQuery();

        while (rs.next())
        {
            String email = rs.getString(1);
            String nickName = rs.getString(2);
            String password = rs.getString(3);
            String loginDate = rs.getString(4);
            System.out.println("-----------------------------------");
            System.out.println("Email : " + email);
            System.out.println("NickName : " + nickName);
            System.out.println("Password : " + password);
            System.out.println("Login Date : " + loginDate);
            System.out.println("-----------------------------------");
        }
        rs.close();  // Do remember to always close this, once you done 
                     // using it's values.
    }
    catch(Exception e)  
    {
        e.printStackTrace();
    }       
}

Make ResultSet a local variable, instead of instance variable (as done on your side). And close it once you are done with it, by writing rs.close() and rs = null.

Answer 2

Passing table names in a prepared statement is not possible.

The method setString is when you want to pass a variable in a where clause, for example:

select * from clients where name = ?