java - Forming an SQL query dynamically -

java - Forming an SQL query dynamically -

i trying form sql dynamically depeneding on request

public class main { public static void main(string args[]) { string reqstr = "popcorn@bucket"; string values[] = reqstr.split("@"); stringbuffer sqlquery = new stringbuffer( "insert category_dev (t1 , t2 , t3 , t4 , t5 , t6 , t7 , t8 , t9 , t10) values ("); (int = 0; < values.length; i++) { sqlquery.append("'" + values[i] + "'"); sqlquery.append(","); } if (sqlquery.length() > 0) { sqlquery.setlength(sqlquery.length() - 1); } sqlquery.append(")"); system.out.println(sqlquery); } }

the table has got fixed column t1 , t2 , t3 ------ t10 .

each @ symbol indicates column value of table

when run above programme output beingness formed

insert category_dev (t1 , t2 , t3 , t4 , t5 , t6 , t7 , t8 , t9 , t10) values ('popcorn','bucket')

how can fill other values null ?? illustration

insert category_dev (t1 , t2 , t3 , t4 , t5 , t6 , t7 , t8 , t9 , t10) values ('popcorn','bucket' , null , null , null , null , null , null , null , null)

this bad idea, read sql injections

instead utilize preparedstatements:

preparedstatement pstmt = con.preparestatement("update employees set salary = ? id = ?"); pstmt.setbigdecimal(1, 153833.00) pstmt.setint(2, 110592)

for example, should work type of query or table action

to query do:

pstmt.set<whatever>// ones want set , pstmt.setnull // in loop whichever didnt utilize

java