Home/ Questions/Q 7406749
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T05:36:17+00:00

How can I add record into my database? I am afraid, that when i

  • 0

How can I add record into my database? I am afraid, that when i do it like this, in database there will be cell containing “veriable1”, not veriable1 content. Is this correct?

public class Record
{
    public Record(String veriable1, String veriable2) throws IOException, SQLException
        {
           addRecord();
        }

        private void addRecord() throws IOException, SQLException
        {   
            try
            {
                Statement stat = DataBase.Connect().createStatement();

                stat.executeUpdate("INSERT INTO tableName "
                                 + "(veriable1, veriable2) "
                                 + "VALUES "
                                 + "(veriable1, veriable2)");
            }
            finally
            {
                BazaDanych.Polacz().close();
            }   

        }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can (should) use PreparedStatement for this.

    String SQL = "INSERT INTO tableName (variable1, variable2) VALUES (?, ?)";
Connection connection = null;
PreparedStatement statement = null;

try {
    connection = database.getConnection();
    statement = connection.prepareStatement(SQL);
    statement.setString(1, variable1);
    statement.setString(2, variable2);
    statement.executeUpdate();
} finally {
    if (statement != null) try { statement.close(); } catch (IOException ignore) {}
    if (connection != null) try { connection.close(); } catch (IOException ignore) {}
}

    If offers the advantage that any potential SQL injection attacks will be eliminated, in contrary to when using string concatenation as suggested by other answers.

    Also note that I slightly rewrote the way how the resources are handled. The above way is the standard JDBC idiom. It ensures that the PreparedStatement is also closed before the Connection is closed, otherwise you will run out of resources when the Connection concerns a pooled connection.

    See also:

    • 0