Solved

URGENT!!!-Sql statement

Posted on 2003-12-11
5
248 Views
Last Modified: 2010-04-01
i need to have a sql statement like thiw:

String Query = "delete FROM userskills where username='"+vol.getUsername()+"' "and skill='"+request.getParameter("id")+"'";
  but i get error, i think the way i right sql statement not so ok.

thanks
0
Comment
Question by:Jasbir21
  • 4
5 Comments
 
LVL 35

Expert Comment

by:TimYates
ID: 9919920
String Query = "delete FROM userskills where username='"+vol.getUsername()+"' and skill='"+request.getParameter("id")+"'";
0
 
LVL 35

Accepted Solution

by:
TimYates earned 65 total points
ID: 9919939
better is:

PreparedStatement stmt = conn.prepareStatement( "delete FROM userskills where username=? and skill=?" ) ;
stmt.setString( 1, vol.getUsername() ) ;
stmt.setString( 2, request.getParameter( "id" ) ) ;
stmt.executeUpdate() ;

(don't forget to close your statement)

This way, you can't have problems with "SQL injection"

0
 
LVL 35

Expert Comment

by:TimYates
ID: 9919945
0
 

Author Comment

by:Jasbir21
ID: 9919993
thank you very much.

0
 
LVL 35

Expert Comment

by:TimYates
ID: 9920036
:-)
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Google always has something new and amazing up its sleeve, and the most current thing that they have been working on is another step in the evolution of Google Search, from machine learning to its brilliant successor, deep learning.
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question