You should take a look at
. With Statements you're able to build and execute your SQL Statement.
When it comes to variables with special characters you should use
. The magic happens by not inserting the variables directly in the Statement String but parsing them into the Statement String using Wildcards. This looks something like this:
Code:
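import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

private void updateTable(Connection con)
{
    //'?' is a Wildcard. It can only stand for a value, not for a table or
    //column name, so those are written out (your_table and your_column are placeholder names)
    String update = "UPDATE your_table SET your_column = ?";
    //try-with-resources closes the statement even if an exception is thrown
    try (PreparedStatement stmt = con.prepareStatement(update))
    {
        //IMPORTANT: First index of wildcard is 1
        stmt.setString(1, "your special string");
        stmt.executeUpdate();
        //only needed when auto-commit is disabled on the connection
        con.commit();
    }
    catch(SQLException e)
    {
        e.printStackTrace();
    }
}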
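JDBC wildcards bind values only, so a table or column name that varies at runtime has to be checked against a fixed list before it is placed in the statement text. The following is an added example, not code from the original post; the class name, the allow-list contents and the `id` column are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Map;
import java.util.Set;

public class SafeUpdate {
    // Hypothetical schema: the only tables and columns callers may update.
    private static final Map<String, Set<String>> ALLOWED = Map.of(
            "customers", Set.of("name", "comment"),
            "products", Set.of("title"));

    /** Builds the SQL text; identifiers are accepted only from the allow-list. */
    static String buildUpdate(String table, String column) {
        if (table == null || column == null) {
            throw new IllegalArgumentException("identifier must not be null");
        }
        Set<String> columns = ALLOWED.get(table);
        if (columns == null || !columns.contains(column)) {
            throw new IllegalArgumentException("identifier not allowed: " + table + "." + column);
        }
        // Values are never concatenated; they stay as '?' wildcards.
        return "UPDATE " + table + " SET " + column + " = ? WHERE id = ?";
    }

    /** Binds the values by index (starting at 1) and returns the affected row count. */
    static int update(Connection con, String table, String column, String value, long id)
            throws SQLException {
        try (PreparedStatement stmt = con.prepareStatement(buildUpdate(table, column))) {
            stmt.setString(1, value); // special characters are passed as data
            stmt.setLong(2, id);
            return stmt.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // No database needed to see the identifier check at work.
        System.out.println(buildUpdate("customers", "comment"));
        try {
            buildUpdate("cust'omers", "name"); // constructed input with a special character
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

`Map.of` and `Set.of` require Java 9 or later.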