select * from users where username='<USER INPUT>';
But then a user could input something nasty and execute some arbitrary SQL statement after the select statement. (Imagine if the user input something like '; <arbitrary sql statement>;)
This is the primary use of PreparedStatements. See the example in the JavaDocs.
-- Serge Knystautas President Lokitech >>> software . strategy . design >> http://www.lokitech.com p. 301.656.5501 e. [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
