Chris wrote:
> A user enters a name into a textfield and clicks on a "Find"
> button. Depending on which text field the user entered the
> data, the appropriate column name in the table is used for
> fieldName and the entered text is passName. However, the
> fieldName doesn't return anything. But if I replace
> fieldName with the column name ("WHERE first_name='"), the
> program returns values. Can't we use variables for column
> names or do I have to just put it all in an if/else statement?
>
> Here is my code:
>
> result = fe.executeQuery("SELECT first_name, last_name, emp_nbr, emp_type_code, emp_status_code, emp_work_center " +
> "FROM employee " +
> "WHERE '"+fieldName+"'='"+passName+"'");

I'm not 100% certain if I understood you right, but if I did,
the statement should look like this:

result = fe.executeQuery("SELECT first_name, last_name, emp_nbr, emp_type_code, emp_status_code, emp_work_center " +
"FROM employee " +
"WHERE "+fieldName+"='"+passName+"'");

Also, be aware that this is wide open to SQL injection, unless you
double single quotes in fieldName and passName first.

Yours,
Laurenz Albe

--
Sent via pgsql-jdbc mailing list (pgsql-jdbc@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-jdbc