How does Java’s PreparedStatement work?
If you have a variable that comes from user input, it’s essential that you use the ? placeholder rather than concatenating the strings. A user might enter a string maliciously, and if you drop that string straight into the SQL text it can run a command you didn’t intend. I realise this one is overused, but it says it …
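An added example (not code from the original post) contrasting the two approaches in Java; it assumes a hypothetical users table with name and email columns and a JDBC Connection supplied by the caller.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class UserLookup {
    // Vulnerable form: the caller's string becomes part of the SQL text, so the
    // database parses whatever it contains as SQL. Even a legitimate value such
    // as "O'Brien" terminates the string literal early and breaks the statement.
    static String buildConcatenated(String username) {
        return "SELECT id, email FROM users WHERE name = '" + username + "'";
    }

    // Safe form: the SQL text is fixed at prepare time and contains a ? placeholder.
    static final String LOOKUP_SQL = "SELECT id, email FROM users WHERE name = ?";

    // The value is bound to the placeholder and sent to the driver separately from
    // the query text, so it is always treated as data, never as SQL.
    static String findEmail(Connection conn, String username) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(LOOKUP_SQL)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("email") : null;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed input: an ordinary name that happens to contain a quote.
        String name = "O'Brien";
        // Concatenation yields: SELECT id, email FROM users WHERE name = 'O'Brien'
        // which is malformed SQL; the prepared statement handles the same value
        // correctly because the quote never reaches the SQL parser as syntax.
        System.out.println(buildConcatenated(name));
        System.out.println(LOOKUP_SQL + "   (bound value: " + name + ")");
    }
}
```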