[英]get data from user then insert it in javadb
If I have a code with interface that takes data from user then stores this data in variables of type string, how can I insert this variable in a database? 如果我有一个带有接口的代码,该接口从用户那里获取数据,然后将该数据存储在字符串类型的变量中,那么如何在数据库中插入此变量? Here is an example of what I say :
这是我说的一个例子:
String s1="user@hotmail.com";
Class.forName("org.apache.derby.jdbc.ClientDriver");
Connection con=
DriverManager.getConnection("jdbc:derby://localhost:1527/SampleDB","app","app");
Statement st=con.createStatement();
st.executeUpdate("INSERT INTO EMAIL"+"(ID)"+"VALUES(s1)");
But this way is not working and doesn't insert this variable of type string in database! 但是这种方式不起作用,并且不会在数据库中插入字符串类型的变量!
How can I do this? 我怎样才能做到这一点?
Use PreparedStatemt
. 使用
PreparedStatemt
。 You can find an example in http://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html 您可以在http://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html中找到示例
To prevent SQL injection all queries should be parametrized and String concatenation should never be used to create dynamic SQL. 为了防止SQL注入,应该对所有查询进行参数设置,并且绝不应使用String串联来创建动态SQL。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.