Why do we use setInt with a select query instead of using getInt when the value is already there in the database

Why do we use setInt with a select query instead of using getInt when the value is already there in the database?

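    // Assumes conn, ps and rs are declared outside this block and java.sql.* is imported.
    try {
        conn = getConnection();

        // The ? is a placeholder for a value supplied separately from the SQL text.
        ps = conn.prepareStatement("SELECT * FROM circle where id =?");

        // Bind circleId to the first placeholder (parameter indexes start at 1).
        ps.setInt(1, circleId);

        Circle circle = null;
        rs = ps.executeQuery();
        if (rs.next()) {
            //String s = rs.getString(circleId);

            // Read the "name" column from the current row of the result set.
            circle = new Circle(circleId, rs.getString("name"));
        }
    } catch (SQLException e) {
        // Completes the snippet, which the page cuts off after the if block.
        throw new RuntimeException(e);
    }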

Jon Skeet

You're setting the value of the parameter to be used in the query. The ? in the SQL represents the parameter, and here you're giving it a value.

When you call getString() later, that's getting a value from the results of the query, which are very different from the parameters sent as part of the query.

Parameterized SQL allows safe inclusion of values into queries, without needing to escape them to prevent SQL injection attacks, or worrying about data type conversions. You should read the JDBC PreparedStatement tutorial for more details.

See more on this question at Stack Overflow
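
The distinction drawn in the answer above (parameters sent with the query versus values read from its results, and why bound parameters need no escaping) as an added example; it is not code from the original question or answer. It assumes an H2 driver on the classpath for the in-memory URL, and the class name, helper methods, table rows and input string are constructed for illustration.

```java
import java.sql.*;

public class CircleLookup {
    // Parameter going in: setInt binds circleId to the ? placeholder.
    // Value coming out: getString reads a column from the result row.
    static String nameById(Connection conn, int circleId) throws SQLException {
        String sql = "SELECT name FROM circle WHERE id = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setInt(1, circleId);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("name") : null;
            }
        }
    }

    // Bound parameter: the whole string is compared as data, quotes included.
    static int countByNameBound(Connection conn, String name) throws SQLException {
        String sql = "SELECT COUNT(*) FROM circle WHERE name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    // Unsafe counterpart: the value becomes part of the SQL text itself.
    static int countByNameConcat(Connection conn, String name) throws SQLException {
        String sql = "SELECT COUNT(*) FROM circle WHERE name = '" + name + "'";
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 in-memory database; any JDBC driver and URL would do.
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:demo");
             Statement st = conn.createStatement()) {
            st.execute("CREATE TABLE circle (id INT PRIMARY KEY, name VARCHAR(50))");
            st.execute("INSERT INTO circle VALUES (1, 'First Circle'), (2, 'Second Circle')");
            String untrusted = "x' OR '1'='1"; // constructed input containing quotes
            System.out.println(nameById(conn, 1));
            System.out.println(countByNameBound(conn, untrusted));
            System.out.println(countByNameConcat(conn, untrusted));
        }
    }
}
```

With the bound parameter the constructed input matches no row, because it is compared as one literal name; in the concatenated version the same input rewrites the WHERE clause and every row is counted.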