1、SQL Injection problem

- SQL Vulnerability , Can be attacked and result in data leakage 

2、PreparedStatement object

• PreparedStatement Can prevent SQL Inject , More efficient

  package demo;
  
  import java.sql.Connection;
  import java.sql.PreparedStatement;
  import java.sql.SQLException;
  import java.util.Date;
  
  public class TestInsert01 {
        
      public static void main( String[] args ) {
        
          Connection conn = null;
          PreparedStatement st= null;
          try {
        
              conn=JdbcUtils.getConnection();
              // Use ?  Instead of parameters 
              String sql ="INSERT\tINTO users(`id`,`NAME`,`PASSWORD`,`email`,`birthday`) VALUES(?,?,?,?,?)";
              st = conn.prepareStatement(sql);
  
              // Assign parameters manually 
              st.setInt(1,5);
              st.setString(2,"Java be unable to learn how to do sth. ");
              st.setString(3,"123456");
              st.setString(4,"[email protected]");
              st.setDate(5,new java.sql.Date(new Date().getTime()));
  
              // perform 
              int i = st.executeUpdate();
              if(i>0){
        
                  System.out.println(" Insert the success ！");
              }
          } catch (SQLException e) {
        
              e.printStackTrace();
          }finally {
        
              JdbcUtils.release(conn,st,null);
          }
      }
  }