Passing parameters to a JDBC PreparedStatement

by

You should use the setString() method to set the userID. This both ensures that the statement is formatted properly, and prevents SQL injection: 

statement =con.prepareStatement("SELECT * from employee WHERE  userID = ?");
statement.setString(1, userID);

There is a nice tutorial on how to use PreparedStatements properly in the Java Tutorials.

More Related Contents:

  1. SQL syntax error in "insert into 'keys'(a,b,c,d,e) values(?,?,?,?,?)" [closed]
  2. Hours and seconds are lost when storing a date in the database [closed]
  3. Multiple queries executed in java in single statement
  4. Java: Insert multiple rows into MySQL with PreparedStatement
  5. ClassCastException: java.math.BigInteger cannot be cast to java.lang.Long on connect to MySQL
  6. Handling MySQL datetimes and timestamps in Java
  7. MySQL and JDBC with rewriteBatchedStatements=true
  8. Closing JDBC Connections in Pool
  9. No suitable driver found for ‘jdbc:mysql://localhost:3306/mysql [duplicate]
  10. com.mysql.jdbc.exceptions.jdbc4.CommunicationsException:Communications link failure [duplicate]
  11. “Loading class com.mysql.jdbc.Driver … is deprecated” message
  12. Returning a ResultSet
  13. How to change MySQL timezone in a database connection using Java?
  14. How to configure Tomcat to connect with MySQL
  15. Retrieve an Image stored as BLOB on a MYSQL DB
  16. Can I execute multiple queries separated by semicolon with MySQL Connector/J? [duplicate]
  17. mysql prepared statement error: MySQLSyntaxErrorException
  18. ‘0000-00-00 00:00:00’ can not be represented as java.sql.Timestamp error
  19. how to get list of Databases “Schema” names of MySql using java JDBC
  20. SQL Error: 0, SQLState: 08S01 Communications link failure [duplicate]
  21. Access denied for user ‘root’@’localhost’
  22. How to correctly write UTF-8 strings into MySQL through JDBC interface
  23. Glassfish Admin Console throws java.lang.IllegalStateException when creating JDBC Pool
  24. No matter what, I can’t batch MySQL INSERT statements in Hibernate
  25. java.sql.SQLException: Before start of result set [duplicate]
  26. How to use prepared statement for select query in Java?
  27. Stumped SQL Exception for JDBC
  28. A datetime equivalent in java.sql ? (is there a java.sql.datetime ?)
  29. How to connect to a remote MySQL database with Java?
  30. java.sql.SQLException: No database selected – why?

Leave a Comment