how to put a date in jdbc namedparameter

Question

I have the following code:

conditions.add("mydate = str_to_date('"+date_from_user+"', '%Y-%m-%d')");

the above works fine but since I am taking input from the user and shoving it in my query I'm risking the security of the query. So I wanted to use named template so I changed the code to:

conditions.add("mydate = str_to_date(':mydate', '%Y-%m-%d')");
namedParams.put("mydate", date_from_user);

However, the above code doesn't work and produces the following error message:

<SQLWarning ignored: SQL state 'HY000', error code '1411', message [Incorrect datetime value: ':mydate' for function str_to_date]>

so it seems that namedparameter isn't picking up the value..

score 0 · Answer 1 · answered Dec 12 '12 at 05:06

0

Have you tried removing the quotes in ':mydate' and change it as below,

conditions.add("mydate = str_to_date(:mydate, '%Y-%m-%d')");
namedParams.put("mydate", date_from_user);

answered Dec 12 '12 at 05:06

Jayamohan

12,734
2
27
41

score 0 · Answer 2 · answered Dec 12 '12 at 05:38

0

First check your DB server date format. Then give input in same format. create your date object in the same Object or pass string in same format.

answered Dec 12 '12 at 05:38

Kanagaraj M

956
8
18

how to put a date in jdbc namedparameter

2 Answers2