Just my preference. If you are taking user input, say from a HTML input box, you want to use PrepareStatment to formulate your SQL statement.
String query="SELECT info FROM superSecretTable WHERE password=?"; PreparedStatement pstmt = conn.prepareStatement( query ); pstmt.setString( 1, enteredPassword ); It's safer. A user, if they know your tables (angry ex-employee), could always enter SQL along with their data. For exmaple, if I entered .. 'baddata" OR password LIKE "%"' I'd get all the info from superSecretTable. On Tuesday 24 September 2002 6:32 am, Carl wrote: > Keith, > > I use MySQL with autincrement fields in essentailly all of my tables. I > keep all database activities in beans associated with the jsp pages. I use > a home rolled connection pooling process (actually copied from somewhere.) > Below is an insert from one of the beans: > String query="insert into assigning_preferences set " > +"item_serial="+item_serial+"," > +"weeks_of_month="+weeks_of_month+"," > +"always_use_this="+always_use_this+"," > +"last_person_serial="+personSerial; > > > In this case the autoincrement field is called > assigning_preferences_serial... note that it is left out of the insert > query thereby telling MySQL to create a value for the field. Works > flawlessly and has been very stable. > > Thanks, > > Carl Kabbe > > > > ----- Original Message ----- > From: "Keith Pemberton" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <[EMAIL PROTECTED]> > Sent: Tuesday, September 24, 2002 7:20 AM > Subject: RE: So what database and script language do you use? > > > Do you use auto_increment fields in any of your tables in MySQL. If so, > > have you found a good way to put entries into the table that has an > > auto_increment field. Everything I try will not automatically generate > > that field when I insert something from either a JSP page or servlet > > > > Keith > > > > On Tue, 2002-09-24 at 05:58, Cato, Christopher wrote: > > > > Apache + TomCat / MySQL / JSP > > Apache + mod_perl / MySQL / Perl > > > > are the two combinations I use > > > > /christopher > > > > > -----Original Message----- > > > From: Keith Pemberton [mailto:[EMAIL PROTECTED]] > > > Sent: den 24 september 2002 12:39 > > > To: [EMAIL PROTECTED] > > > Subject: So what database and script language do you use? > > > > > > > > > Hi everyone... > > > > > > I have been trying to use MySQL and JSP,Servlets to interact > > with > > > > my tomcat server. So far I have had a lot of frustration and > > > little luck. Anyway, I was just wonder what the majority of ppl > > > are using as a > > > database and scripting language. Your input is much appreciated! > > > > > > Keith > > > > -- > > To unsubscribe, e-mail: > > <mailto:[EMAIL PROTECTED]> > > > For additional commands, e-mail: > > <mailto:[EMAIL PROTECTED]> -- John Walstra 1002 North Stanford Street Port Washington, WI 53074 H: (262) 284-2395 C: (847) 858-2395 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] No one knows what he can do till he tries. -- Publilius Syrus -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
