
MySQL™ and JSP™ Web Applications: Data-Driven Programming Using Tomcat and MySQL by James Turner

Using PreparedStatement

The ordinary Statement class is fine for running queries that don't have parameters, but as soon as you need to be able to add Java variables to SQL statements, they get clumsy. For example, let's say that you have a variable called findLast that is holding a string containing a last name. You want to find all the employees with that last name. To do it with a statement, it would have to look like this:

// The value of findLast is spliced straight into the SQL text; the quotes
// around it have to be supplied by hand, and anything in findLast is parsed
// as part of the query.
Statement st = conn.createStatement();
ResultSet rs = st.executeQuery("SELECT * FROM employees where lname_txt = '" + findLast + "'");

That's an unattractive piece of code, especially because you have to remember to put single quotes around the string value. But worse, if there are special characters such as ' that are ...
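To show the point concretely, here is an added example (not code from the book) that puts the concatenated form next to the PreparedStatement form. The `employees` table and its `lname_txt` column come from the text; the `Connection` is assumed to be supplied by the caller (for instance from a MySQL JDBC driver), and the `main` method only builds the SQL strings so it runs without a database. A last name such as O'Brien, a constructed sample value, is enough to break the concatenated query, while the bound parameter is handled by the driver.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class EmployeeLookup {

    // The clumsy form from the text: findLast is spliced into the SQL text.
    // Any single quote inside findLast ends the string literal early, so the
    // query is no longer the one the programmer intended.
    static String concatenatedSql(String findLast) {
        return "SELECT * FROM employees where lname_txt = '" + findLast + "'";
    }

    // The PreparedStatement form: the SQL text is fixed and the value is bound
    // to the ? placeholder separately, so the driver does the quoting and the
    // value can never change the shape of the statement.
    // The Connection is assumed to be opened by the caller.
    static List<String> findByLastName(Connection conn, String findLast) throws SQLException {
        List<String> lastNames = new ArrayList<>();
        String sql = "SELECT * FROM employees where lname_txt = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, findLast);               // bound as data, not as SQL
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    lastNames.add(rs.getString("lname_txt"));
                }
            }
        }
        return lastNames;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a plain name and one containing a quote.
        String[] samples = { "Smith", "O'Brien" };
        for (String findLast : samples) {
            System.out.println(concatenatedSql(findLast));
        }
        // The second line printed is:
        //   SELECT * FROM employees where lname_txt = 'O'Brien'
        // which is not valid SQL, whereas findByLastName(conn, "O'Brien")
        // sends the fixed statement with the value bound as a parameter.
    }
}
```

The practical rule this illustrates: keep the SQL text constant and pass every variable value through `setString` (or the matching `setInt`, `setDate`, and so on) rather than building the text by concatenation, which also removes the need to remember the surrounding single quotes.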
