user1358679
Reputation: 11
get data from user then insert it in javadb
If I have a code with interface that takes data from user then stores this data in variables of type string, how can I insert this variable in a database? Here is an example of what I say :
String s1="[email protected]";
Class.forName("org.apache.derby.jdbc.ClientDriver");
Connection con=
DriverManager.getConnection("jdbc:derby://localhost:1527/SampleDB","app","app");
Statement st=con.createStatement();
st.executeUpdate("INSERT INTO EMAIL"+"(ID)"+"VALUES(s1)");
But this way is not working and doesn't insert this variable of type string in database!
How can I do this?
Upvotes: 0
Views: 683
Answers (1)
Paul Vargas
Reputation: 42040
Use PreparedStatemt. You can find an example in http://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html
To prevent SQL injection all queries should be parametrized and String concatenation should never be used to create dynamic SQL.
Upvotes: 1
Related Questions
- Insert Statement into Derby Database
- Inserting data into MY SQL database
- Input data from Java to SQL Database
- Netbeans java application - executing query on derby database
- java insert data into Mysql database
- Inserting variables with SQL in Java
- inserting data into database using jdbc
- How to insert values into database in java
- Inserting data into table
- Insert into database