Preventing SQL injection without prepared statements (JDBC)

Question

I have a database log appender that inserts a variable number of log lines into the database every once in a while.

I\'d like to create an SQL statement in a way tha

Answer 1

what's wrong with using a regular prepared statement e.g. in the following pseudocode:

DatabaseConnection connection;
PreparedStatement insertStatement = ...;

    ...

connection.beginTransaction();
for (Item item : items)
{
   insertStatement.setParameter(1, item);
   insertStatement.execute();
}
connection.commitTransaction();

A smart database implementation will batch up several inserts into one communications exchange w/ the database server.