How to pass a variable's value in where clause in java?

Question

I am trying to exexcute a sql query which contains where condition in it. But whenever I execute the query, it is giving me java.lang.NullPointerException. Please help me in this!

I am using mssql and java

dbURL = "jdbc:sqlserver://ip:portnumber;databaseName=abc";
        username = "abc";
        password = "abc";

        //Load MS SQL JDBC Driver
        Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
        con = DriverManager.getConnection(dbURL,username,password);

        //Creating statement object
        st = con.createStatement();
        selectquery = "select * from abc where TradeType = '"+tradepair+"'";
        rs = st.executeQuery(selectquery);

        while (rs.next()) {

            getpair = rs.getString("TradeType");
            dbTradePair.add(getpair);

        }
        System.out.println("Pairs :-"+dbTradePair);

When "selectquery" is executed, i get "java.lang.NullPointerException". I hope i am executing sql query in proper format.Can anyone please help me out in this.?

Answer 1

Like this (Edited - close the resources properly afterwards):

//Load MS SQL JDBC Driver
    try {

        Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");

    } catch (ClassNotFoundException e) {

        System.out.println(e.getMessage());

    }

    final String dbURL = "jdbc:sqlserver://ip:portnumber;databaseName=abc";
    final String username = "abc";
    final String password = "abc";

    Connection  con = null;
    PreparedStatement preparedStatement = null;
    final String selectquery = "select * from abc where TradeType = ?";
    try {
        con = DriverManager.getConnection(dbURL,username,password);
        preparedStatement = con.prepareStatement(selectquery);
        preparedStatement.setString(1, tradepair);

        // execute select SQL stetement
        ResultSet rs = preparedStatement.executeQuery();

        while (rs.next()) {

            String tradeType = rs.getString("TradeType");

            System.out.println("tradeType : " + tradeType);
        }

    } catch (SQLException e) {

        System.out.println(e.getMessage());

    } finally {

        if (preparedStatement != null) {
            preparedStatement.close();
        }

        if (con != null) {
            con.close();
        }

    }