I am trying to do an Insert, Update and Delete on a table in MS Access. Everything works fine for a SELECT statement. But when doing the o
The main reason for using a PreparedStatement is security. Generating a SQL query by concatenating strings is unsafe as the variable parts may contain SQL statements entered by a user. This would allow the user to execute statements like DROP TABLE * (see SQL Injection). Thus it is a good idea only to use PreparedStatements if the SQL query is not static (does not contain variable parts). Therefore it would be better also to use PreparedStatement for SELECT statements.
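The insert, update and delete from the question, written with bound parameters as the answer recommends. This is an added example, not code from the original thread; the class name, the `users(id, name)` table and the JDBC URL taken from the first command-line argument are assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class PreparedDmlExample {
    // Constructed input: concatenated into SQL, the quote would end the string literal.
    static final String HOSTILE = "x'); DROP TABLE users; --";

    // Runs one INSERT/UPDATE/DELETE; every value is bound to a ? placeholder, never spliced in.
    static int run(Connection con, String sql, Object... params) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            for (int i = 0; i < params.length; i++) {
                ps.setObject(i + 1, params[i]); // JDBC parameters are 1-based
            }
            return ps.executeUpdate(); // number of affected rows
        }
    }

    static String findName(Connection con, int id) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement("SELECT name FROM users WHERE id = ?")) {
            ps.setInt(1, id);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString(1) : null;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: args[0] is a JDBC URL whose driver is on the classpath and
        // whose database already has a hypothetical table users(id INTEGER, name TEXT).
        try (Connection con = DriverManager.getConnection(args[0])) {
            int inserted = run(con, "INSERT INTO users (id, name) VALUES (?, ?)", 1, HOSTILE);
            // The hostile text comes back unchanged: it was stored as data, not executed.
            boolean storedAsData = HOSTILE.equals(findName(con, 1));
            int updated = run(con, "UPDATE users SET name = ? WHERE id = ?", "alice", 1);
            int deleted = run(con, "DELETE FROM users WHERE id = ?", 1);
            System.out.printf("inserted=%d storedAsData=%b updated=%d deleted=%d%n",
                    inserted, storedAsData, updated, deleted);
        }
    }
}
```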