All Forums Database
Divya Bharathi 8 posts Joined 09/14
14 Nov 2014
JDBC connectivity

Hi is it possible to use modify user statement in the prepared statement as like below.If it is wrong plz correct it....
PreparedStatement pstmt1 = con.prepareStatement("MODIFY USER '"+username+"' AS release password lock;");

Divya Bharathi 8 posts Joined 09/14
14 Nov 2014

k

tomnolan 594 posts Joined 01/08
14 Nov 2014

You don't need to use a PreparedStatement for that SQL request, because it does not contain any question-mark parameter markers (and, in fact, you cannot use parameter markers in a DDL command like that).
 
You code has a problem -- a syntax error -- the username specified in a MODIFY USER command should not be enclosed in single-quotes.
 
You must also be careful to avoid SQL injection attack. You should enclose the username in double-quotes, and also double any double-quote characters that may be in the username.
 
Statement stmt = con.createStatement();
stmt.executeUpdate("modify user \"" + username.replaceAll("\"", "\"\"") + "\" as release passwork lock");

Divya Bharathi 8 posts Joined 09/14
17 Nov 2014

Ya now its working fine!!!!! Thank you 

You must sign in to leave a comment.