What are the best workarounds for using a SQL IN clause with instances of java.sql.PreparedStatement, which is not supported for multiple values due to SQL injection attack security issues: One ? placeholder represents one value, rather than a list of values.
Consider the following SQL statement:
SELECT my_column FROM my_table where search_column IN (?)
preparedStatement.setString( 1, "'A', 'B', 'C'" ); is essentially a non-working attempt at a workaround of the reasons for using ? in the first place.
What workarounds are available?
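One common workaround, shown as an added example that is not part of the original post: generate one ? per value and bind each value separately, so only the placeholder count is concatenated into the SQL text. The class name InClauseExample and the helpers buildInQuery and selectByValues are hypothetical; the table and column names come from the statement in the question.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class InClauseExample {

    // Builds "... IN (?, ?, ?)" with one placeholder per value.
    // Only the placeholder count varies; no caller data enters the SQL text.
    static String buildInQuery(int valueCount) {
        if (valueCount < 1) {
            throw new IllegalArgumentException("IN list needs at least one value");
        }
        String placeholders = String.join(", ", Collections.nCopies(valueCount, "?"));
        return "SELECT my_column FROM my_table WHERE search_column IN (" + placeholders + ")";
    }

    // Binds each value to its own placeholder, so every value is sent as data.
    static List<String> selectByValues(Connection conn, List<String> values) throws SQLException {
        List<String> results = new ArrayList<>();
        if (values.isEmpty()) {
            return results; // "IN ()" is invalid SQL; an empty list matches nothing
        }
        try (PreparedStatement ps = conn.prepareStatement(buildInQuery(values.size()))) {
            for (int i = 0; i < values.size(); i++) {
                ps.setString(i + 1, values.get(i)); // JDBC parameter indexes start at 1
            }
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    results.add(rs.getString("my_column"));
                }
            }
        }
        return results;
    }

    public static void main(String[] args) {
        // Constructed sample input; the third value contains quote characters on purpose.
        List<String> values = List.of("A", "B", "C' OR '1'='1");
        System.out.println(buildInQuery(values.size()));
    }
}
```

Each distinct list length produces a different statement text, so a statement cache holds one entry per length.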