We have the following code:
    String templateQuery = "select * from my_table where col1=$1 or col2 like '%$2.$1'";
    String tmp = templateQuery;
    // Replace every $1, $2, ... placeholder with the raw data value.
    // Note: replaceAll() treats the replacement as a regex replacement string,
    // so '$' and '\' inside data[i-1] have special meaning.
    for (int i = 1; i <= maxcols; i++) {
        tmp = tmp.replaceAll("\\$" + i, data[i - 1]);
    }
This code works fine, as maxcols never exceeds 10. A colleague disagrees with me, stating that the code consumes memory. Can it?
Edit: I have changed the initial templateQuery to a more realistic one. Secondly, templateQuery can potentially be a big string.
Edit 2: It has been pointed out that there is a SQL injection problem.
Why aren't you using a PreparedStatement with replacement parameters?
    String templateQuery = "select * from my_table where col1 = ?";
    PreparedStatement ps = con.prepareStatement(templateQuery);
    for (int i = 0; i < data.length; i++) {
        ps.setString(i + 1, data[i]);
    }
    ResultSet rs = ps.executeQuery();
You're otherwise vulnerable to SQL injection if you use the string replacement you have.
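Added example, not part of the question or the answer: a Python port of both approaches run against a constructed in-memory SQLite table, so the difference is observable. fill_template mirrors the question's replaceAll loop (placeholder substitution into the SQL text); query_prepared binds the values as parameters the way the answer's PreparedStatement does. The table, its rows and the inputs are constructed for the demonstration.

```python
import re
import sqlite3

# Constructed sample data: a small table with three rows.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("create table my_table (col1 text, col2 text)")
    con.executemany(
        "insert into my_table values (?, ?)",
        [("alice", "a.txt"), ("bob", "b.txt"), ("admin", "secret.txt")],
    )
    return con

# Template in the style of the question (assumed quoting around $1).
TEMPLATE = "select * from my_table where col1 = '$1' or col2 like '%$2.$1'"

def fill_template(template, data):
    """Port of the question's loop: substitute $1..$N with raw values.

    Each pass builds a complete new copy of the template string, exactly
    as String.replaceAll does in Java. The (?!\\d) lookahead stops "$1"
    from matching the prefix of "$10"; the lambda replacement stops
    backslashes in the value from being interpreted by re.sub.
    """
    tmp = template
    for i in range(1, len(data) + 1):
        value = data[i - 1]
        tmp = re.sub(r"\$" + str(i) + r"(?!\d)", lambda m: value, tmp)
    return tmp

def query_by_replacement(con, data):
    """Vulnerable: the values become part of the SQL text."""
    return con.execute(fill_template(TEMPLATE, data)).fetchall()

def query_prepared(con, data):
    """Safe: the SQL text is fixed; values travel as bound parameters."""
    sql = "select * from my_table where col1 = ? or col2 like ?"
    return con.execute(sql, (data[0], "%" + data[1] + "." + data[0])).fetchall()

if __name__ == "__main__":
    db = make_db()
    honest = ["alice", "a"]
    hostile = ["x' or '1'='1", "txt"]
    print(fill_template(TEMPLATE, hostile))
    print(len(query_by_replacement(db, honest)), len(query_prepared(db, honest)))
    print(len(query_by_replacement(db, hostile)), len(query_prepared(db, hostile)))
```

With the honest input both functions return the one matching row. With the second input the substituted query returns every row, because the quote in the value closed the literal and the rest became SQL, while the parameterised query returns nothing, since the database compares the whole value as one string. On the memory question: each substitution pass allocates a full copy of the template, so a large template costs one extra copy per placeholder before the result is built; binding parameters never copies the SQL text at all.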