Bug #108275 | CREATE DATABASE does not work as prepared statement | ||
---|---|---|---|
Submitted: | 24 Aug 2022 21:37 | Modified: | 18 Oct 2022 11:53 |
Reporter: | Björn Voigt (OCA) | Email Updates: | |
Status: | Not a Bug | Impact on me: | |
Category: | Connector / J | Severity: | S3 (Non-critical) |
Version: | 8.0.30 | OS: | Any |
Assigned to: | Filipe Silva | CPU Architecture: | Any |
Tags: | Connector J, java, prepared statement |
[24 Aug 2022 21:37]
Björn Voigt
[18 Oct 2022 11:53]
Filipe Silva
Database names, table names, columns or any other database entity in general cannot be parameterized in prepared statements. Only values are allowed. See the example demonstrating how to choose the table on which to perform a query at runtime in the documentation https://dev.mysql.com/doc/refman/8.0/en/sql-prepared-statements.html. Mind that this is just a workaround for a similar situation and this is not something you should be doing though a connector, anyway. The documentation says CREATE DATABASE is permitted in Prepared Statements but that's true only it is written in its static form, i.e., without placeholders. Also note that Connector/J doesn't always prepare statements using server-side PREPARE/EXECUTE/DEALLOCATE commands. Even when `useServerPrepStmts=true` there are times where prepared statements get emulated at client side. This may cause different error messages or at different moments (while preparing vs while executing).