I know that to execute sql DELETE statement, I need to use executeUpdate(). However my need is to support only SELECT statment, hence I am using executeQuery(String sql). My db is Oracle.
My problem is, I am using java.sql.Statement.executeQuery(String sql) in a desktop based application, a textbox in our app accepts any kind of query and while testing we found that executeQuery(sql) is actually executing a DELETE query, i.e it is successfully deleting a record and then throwing error -SQLException.
- Shouldn't the api not allow DELETE query to be executed ?.
- What can be done to prevent DELETE query to be executed by Statement.executeQuery api ?
You will need to explicitely manage not execute INSERT, UPDATE & DELETE queries through executeQuery() method. This is as per the JDBC specification so it will accept delete queries as well and will throw an exception.
your query is for DELETE operation thus please use stmt.executeUpdate();
As you mentioned the you are getting this from a textbox form user, You can add the validations on the query string itself before executing it.
Lets say you get the query in String, you can check if string starts with SELECT then only execute.