NetSuite Data Provider - Online Help

Using Prepared Statement

The PreparedStatement object represents a pre-compiled SQL statement. A PreparedStatement can be used multiple times and helps avoid SQL injection attacks, because parameter values are bound separately from the SQL text rather than concatenated into it. A PreparedStatement can be a SELECT, INSERT, UPDATE, or DELETE statement.

To use a prepared statement, establish a connection as described in Querying the Data. Then, create a PreparedStatement, set any parameters, and execute it.

The example below shows a SELECT PreparedStatement. Note that the parameter indices start from one.

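import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;

// conn is the Connection established as described in Querying the Data.
// Equivalent to "SELECT * FROM Account WHERE InternalId='XXX' and AcctName='YYY'"
String query = "SELECT * FROM Account WHERE InternalId=? and AcctName=?";
// try-with-resources closes the statement and result set even if an exception is thrown
try (PreparedStatement pstmt = conn.prepareStatement(query)) {
  pstmt.setString(1, "XXX"); // parameter indices start from one
  pstmt.setString(2, "YYY");
  // execute() returns true when the first result is a ResultSet
  boolean ret = pstmt.execute();
  if (ret) {
    try (ResultSet rs = pstmt.getResultSet()) {
      ResultSetMetaData meta = rs.getMetaData();
      while (rs.next()) {
        for (int i = 1; i <= meta.getColumnCount(); i++) {
          System.out.println(meta.getColumnName(i) + "=" + rs.getString(i));
        }
      }
    }
  }
}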
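The following is an added example, not part of the original help page or the driver's own code. It reuses one PreparedStatement for several lookups and contrasts it with string concatenation. The class and method names, the sample values "1001" and "O'Brien Holdings", and passing the JDBC URL as a command-line argument are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class AccountLookup { // hypothetical class name
    // Same query text as the SELECT example on this page.
    private static final String QUERY =
        "SELECT * FROM Account WHERE InternalId=? AND AcctName=?";

    // Shown for contrast only: the value becomes part of the SQL text, so a
    // quote in the input changes the structure of the statement.
    static String concatenated(String id, String name) {
        return "SELECT * FROM Account WHERE InternalId='" + id
             + "' AND AcctName='" + name + "'";
    }

    // Prepare once, then bind and execute once per (id, name) pair.
    static List<String> lookup(Connection conn, String[][] pairs) throws SQLException {
        List<String> names = new ArrayList<>();
        try (PreparedStatement pstmt = conn.prepareStatement(QUERY)) {
            for (String[] p : pairs) {
                pstmt.setString(1, p[0]); // parameter indices start from one
                pstmt.setString(2, p[1]); // bound as data, never parsed as SQL
                try (ResultSet rs = pstmt.executeQuery()) {
                    while (rs.next()) {
                        names.add(rs.getString("AcctName"));
                    }
                }
            }
        }
        return names;
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample input; the second name contains a single quote.
        String[][] pairs = { {"XXX", "YYY"}, {"1001", "O'Brien Holdings"} };
        // Prints a statement with an unbalanced quote: the concatenated form is broken.
        System.out.println(concatenated(pairs[1][0], pairs[1][1]));
        if (args.length == 1) { // assumption: JDBC URL supplied by the caller
            try (Connection conn = DriverManager.getConnection(args[0])) {
                lookup(conn, pairs).forEach(System.out::println);
            }
        }
    }
}
```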

 
 
Copyright (c) 2015 RSSBus, Inc. - All rights reserved.
Build 1.0.5577.0