birdy birdy - 1 month ago 10
Java Question

how to query for a list<String> in jdbctemplate

I'm using springs jdbctemplate and running a query like below:

SELECT COLNAME FROM TABLEA GROUP BY COLNAME


There are no named parameters being passed, however, column name,
COLNAME
, will be passed by the user.

Questions


  1. Is there a way to have placeholders, like
    ?
    for column names? For example
    SELECT ? FROM TABLEA GROUP BY ?

  2. If I want to simply run the above query and get a
    List<String>
    what is the best way?



Currently I'm doing:

List <Map<String, Object>> data = getJdbcTemplate().queryForList(query);
for (Map m : data)
System.out.println(m.get("COLNAME"));

Answer

Is there a way to have placeholders, like ? for column names? For example SELECT ? FROM TABLEA GROUP BY ?

Use dynamic query as below:

String queryString = "SELECT "+ colName+ " FROM TABLEA GROUP BY "+ colName;

If I want to simply run the above query and get a List what is the best way?

List<String> data = getJdbcTemplate().query(query, new RowMapper<String>(){
                            public String mapRow(ResultSet rs, int rowNum) 
                                                         throws SQLException {
                                    return rs.getString(1);
                            }
                       });

EDIT: To Stop SQL Injection, check for non word characters in the colName as :

          Pattern pattern = Pattern.compile("\\W");
          if(pattern.matcher(str).find()){
               //throw exception as invalid column name
          }