I'm trying to make my validation class for my program. I already established the connection to the MySQL database and I already inserted rows into the table. The table consis
You should use the setString() method to set the userID. This both ensures that the statement is formatted properly, and prevents SQL injection:
statement = con.prepareStatement("SELECT * FROM employee WHERE userID = ?");
statement.setString(1, userID);
There is a nice tutorial on how to use PreparedStatements properly in the Java Tutorials.
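
The difference the answer describes, shown side by side as an added example (not code from the original question or answer). The class name `UserIdLookup`, both method names, the sample IDs and the command-line JDBC arguments are assumptions; only the `employee` table and `userID` column come from the page.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class UserIdLookup {

    // BEFORE: the value is pasted into the SQL text, so a quote inside
    // userID changes the structure of the query itself.
    static boolean existsConcatenated(Connection con, String userID) throws SQLException {
        String sql = "SELECT * FROM employee WHERE userID = '" + userID + "'";
        try (Statement st = con.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next();
        }
    }

    // AFTER: the SQL text is fixed; userID travels as a bound parameter and
    // is only ever compared as a string value.
    static boolean existsParameterized(Connection con, String userID) throws SQLException {
        String sql = "SELECT * FROM employee WHERE userID = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, userID);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: args = JDBC URL, user, password for a test database
        // that holds the employee table with at least one row.
        // Constructed sample inputs: an ordinary ID, and a value with quotes.
        String[] samples = { "jsmith", "nobody' OR '1'='1" };
        try (Connection con = DriverManager.getConnection(args[0], args[1], args[2])) {
            for (String id : samples) {
                System.out.printf("%-20s concatenated=%b parameterized=%b%n",
                        id, existsConcatenated(con, id), existsParameterized(con, id));
            }
        }
    }
}
```

Against a non-empty table with no row whose ID is literally the second sample, the concatenated lookup reports a match for it while the parameterized lookup does not. The try-with-resources blocks also close the statement and result set on every path, which a validation class called repeatedly needs.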