?
Solved

URGENT!!!-Sql statement

Posted on 2003-12-11
5
Medium Priority
?
255 Views
Last Modified: 2010-04-01
i need to have a sql statement like thiw:

String Query = "delete FROM userskills where username='"+vol.getUsername()+"' "and skill='"+request.getParameter("id")+"'";
  but i get error, i think the way i right sql statement not so ok.

thanks
0
Comment
Question by:Jasbir21
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 35

Expert Comment

by:TimYates
ID: 9919920
String Query = "delete FROM userskills where username='"+vol.getUsername()+"' and skill='"+request.getParameter("id")+"'";
0
 
LVL 35

Accepted Solution

by:
TimYates earned 260 total points
ID: 9919939
better is:

PreparedStatement stmt = conn.prepareStatement( "delete FROM userskills where username=? and skill=?" ) ;
stmt.setString( 1, vol.getUsername() ) ;
stmt.setString( 2, request.getParameter( "id" ) ) ;
stmt.executeUpdate() ;

(don't forget to close your statement)

This way, you can't have problems with "SQL injection"

0
 

Author Comment

by:Jasbir21
ID: 9919993
thank you very much.

0
 
LVL 35

Expert Comment

by:TimYates
ID: 9920036
:-)
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
We are witnesses that everyone is saying that our children shouldn't "play" with a technology because it is dangerous. This article is going to prove that they are wrong.
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question