Re: how do i insert into databse?
- From: Robert Kochem <robert@xxxxxxxxxxxxxxxx>
- Date: Sat, 16 Feb 2008 15:49:20 +0100
mak1084@xxxxxxxxx wrote:
[code]
String str1 = "select roll_no from student where sem_id = (select sem_id"
            + " from subject where course_id = 'bsc_it' and sub_id = '" + getsub1 + "')";
[/code]
Please don't forget that building SQL queries from user-supplied input
opens the possibility of an SQL injection attack. Therefore I strongly
recommend changing your code to use a PreparedStatement and setting the
parameters via setInt() or setString() - then your WebApp is secure
against such attacks.
http://java.sun.com/docs/books/tutorial/jdbc/basics/prepared.html
Robert
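To make the difference concrete, here is an added example (not code from the thread or from mak1084's application) that runs the quoted query both ways against a small in-memory HSQLDB database. It assumes the HSQLDB driver jar is on the classpath and uses constructed sample tables named student and subject with made-up rows; the helper names rollNosConcat and rollNosPrepared are hypothetical.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

public class PreparedStatementDemo {

    // Vulnerable variant: the query from the thread, built by string concatenation.
    // Whatever the user typed for 'sub' becomes part of the SQL text.
    static List<Integer> rollNosConcat(Connection con, String sub) throws SQLException {
        String sql = "select roll_no from student where sem_id = (select sem_id from subject"
                   + " where course_id = 'bsc_it' and sub_id = '" + sub + "')";
        List<Integer> out = new ArrayList<>();
        try (Statement st = con.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            while (rs.next()) {
                out.add(rs.getInt(1));
            }
        }
        return out;
    }

    // Hardened variant: the same query as a PreparedStatement. The '?' placeholders are
    // bound with setString(), so the input is only ever compared as a value, never parsed as SQL.
    static List<Integer> rollNosPrepared(Connection con, String sub) throws SQLException {
        String sql = "select roll_no from student where sem_id = (select sem_id from subject"
                   + " where course_id = ? and sub_id = ?)";
        List<Integer> out = new ArrayList<>();
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, "bsc_it");
            ps.setString(2, sub);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    out.add(rs.getInt(1));
                }
            }
        }
        return out;
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: HSQLDB is on the classpath; "SA" with an empty password is its default account.
        try (Connection con = DriverManager.getConnection("jdbc:hsqldb:mem:demo", "SA", "")) {
            try (Statement st = con.createStatement()) {
                // Constructed sample schema and rows, not taken from the thread.
                st.execute("create table student (roll_no int, sem_id int)");
                st.execute("create table subject (sub_id varchar(20), course_id varchar(20), sem_id int)");
                st.execute("insert into student values (1, 1), (2, 1), (3, 2)");
                st.execute("insert into subject values ('java', 'bsc_it', 1), ('dbms', 'bsc_it', 2)");
            }

            String legit = "java";
            // Closes the string literal and the subquery's parentheses, then ORs in a tautology.
            // The zero-row subquery yields NULL, and "sem_id = NULL or true" is true for every student.
            String attack = "x') or ('1'='1";

            System.out.println("concat,   legit:  " + rollNosConcat(con, legit));
            System.out.println("concat,   attack: " + rollNosConcat(con, attack));
            System.out.println("prepared, legit:  " + rollNosPrepared(con, legit));
            System.out.println("prepared, attack: " + rollNosPrepared(con, attack));
        }
    }
}
```

With the legitimate input both variants return the students of semester 1. With the attack string the concatenated query returns every student in the table, while the prepared statement returns nothing, because no sub_id equals the literal text "x') or ('1'='1". Note that the subquery form matters for the payload: an injection that made the scalar subquery return several rows would be rejected by the database as a cardinality error, so the tautology is placed in the outer WHERE instead.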
- References:
- how do i insert into databse?
- From: mak1084