Can I use Statement with references like PreparedStatement?


With PreparedStatement the references to the values are passed to the query, but is there any way to do it with Statement?

With PreparedStatement I do it this way:

String sql = "SELECT * FROM alumons WHERE nombre = ? AND pass = ?";

System.out.println("Query => " + sql);

// We pass the parameters through a ?
// con is a java.sql.Connection and per holds the credentials entered by the user
PreparedStatement ps = con.prepareStatement(sql);
ps.setString(1, per.getNombre());
ps.setString(2, per.getPass());
asked by Giorgio Magaña 28.05.2017 at 18:57

1 answer


No, you cannot. The programmer has to assemble the SQL in a String (it is not that complicated with MessageFormat either).

Besides writing the code that assembles the SQL, this means the programmer must take care to "sanitize" the values that come from outside the program so that they do not pose a SQL injection risk.

    
answered by 28.05.2017 / 19:45
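As an added example (not the asker's code and not part of the answer above), here are the two routes side by side: the string the Statement route forces you to build yourself, and the PreparedStatement route from the question. It assumes a table alumons with columns nombre and pass, as in the question, and a java.sql.Connection obtained from whatever JDBC driver you use (the driver is not part of the JDK, so the two login methods need a real connection to run; main only exercises the string building).

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class StatementVsPrepared {

    // Statement route: there is no setString, so the caller has to splice the
    // values into the SQL text. The database then cannot tell data from code.
    static String buildSqlForStatement(String nombre, String pass) {
        return "SELECT * FROM alumons WHERE nombre = '" + nombre
                + "' AND pass = '" + pass + "'";
    }

    // Runs the concatenated text through a plain Statement.
    // Assumes con comes from a real JDBC driver.
    static boolean loginWithStatement(Connection con, String nombre, String pass)
            throws SQLException {
        String sql = buildSqlForStatement(nombre, pass);
        try (Statement st = con.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next(); // true if some row matched
        }
    }

    // PreparedStatement route: the SQL text is fixed at prepare time and the
    // values travel separately as parameters, so they are never parsed as SQL.
    static boolean loginWithPrepared(Connection con, String nombre, String pass)
            throws SQLException {
        String sql = "SELECT * FROM alumons WHERE nombre = ? AND pass = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, nombre);
            ps.setString(2, pass);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) {
        // Constructed hostile input: closes the quote, adds an always-true
        // condition and comments out the rest of the WHERE clause.
        String hostile = "' OR '1'='1' -- ";
        System.out.println(buildSqlForStatement(hostile, "anything"));
    }
}
```

Running main shows what the Statement route hands to the database for that input: the WHERE clause becomes nombre = '' OR '1'='1' -- ' AND pass = 'anything', so the password comparison is commented out and the condition is always true. The PreparedStatement route sends the same input as a plain string value compared against the column. Building the text with MessageFormat instead of + changes nothing here; it is still the programmer's own escaping that stands between the input and the SQL, and hand-rolled escaping tends to miss cases (numeric columns, driver-specific quoting), so on this code path the parameterized query is the check worth keeping.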