Is it possible to supply parameters for table or column names in Prepared Statements or QueryRunner.update()?

Question

DELETE from ? WHERE ? = ?

Is it possible to feed in parameters for all of these ?s? It seems that if I don't supply Strings, I get errors. For example, it only seems to work if I have something like:

DELETE from nonprofit WHERE nonpid = ?

It only takes parameters like this.

Recommended answer

The answer is no, you cannot use table names in prepared statements. Prepared statements will only work for column values.

This usually can be circumvented with an alternate schema, but if you really need to, you can always build the optional table name into the query by modifying the query string. If you do so, make sure to sanitize your input to prevent SQL injection.
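One way to build the table and column name into the query string as the answer describes, shown as an added example that is not part of the original answer. It assumes Java 9+ and plain JDBC, and it checks identifiers against a fixed allowlist instead of trying to escape them; `nonprofit` and `nonpid` come from the question, while `donor`, `donorid` and the class and method names are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Map;
import java.util.Set;

public class SafeDelete {
    // Assumed schema: the only tables and key columns a caller may delete by.
    // "nonprofit"/"nonpid" are from the question; "donor"/"donorid" are hypothetical.
    private static final Map<String, Set<String>> ALLOWED = Map.of(
            "nonprofit", Set.of("nonpid"),
            "donor", Set.of("donorid"));

    // Returns "DELETE FROM <table> WHERE <column> = ?" built only from
    // allowlisted identifiers; anything else is rejected before it reaches SQL.
    static String buildDeleteSql(String table, String column) {
        if (table == null || column == null) {
            throw new IllegalArgumentException("table and column are required");
        }
        Set<String> columns = ALLOWED.get(table);
        if (columns == null || !columns.contains(column)) {
            throw new IllegalArgumentException("identifier not allowed: " + table + "." + column);
        }
        return "DELETE FROM " + table + " WHERE " + column + " = ?";
    }

    // Identifiers come from the allowlist; the value is still bound as a parameter.
    static int delete(Connection conn, String table, String column, Object value)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(buildDeleteSql(table, column))) {
            ps.setObject(1, value);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // Runs without a database: shows the generated SQL and a rejected name.
        System.out.println(buildDeleteSql("nonprofit", "nonpid"));
        try {
            buildDeleteSql("nonprofit; --", "nonpid"); // constructed invalid input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same `buildDeleteSql` result can be passed as the SQL argument to `QueryRunner.update()`, with the value supplied as its bound parameter.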
