I created the method to insert into the database using a Statement. My schoolteacher asked me to change it to a prepared statement to prevent SQL injection, but I didn't understand how.
Here's the code that I wrote:
public void ajouterEntreprise(Entreprise e) {
    Statement stm;
    try {
        stm = cnx.createStatement();
        // Every value is pasted straight into the SQL text, so a quote character
        // in any getter's result becomes part of the query itself (SQL injection).
        String query = "INSERT INTO `user`(`nom`, `email`, `password`, `tel`,`role`,`offre`) VALUES ('"
                + e.getNom() + "','" + e.getEmail() + "','" + e.getPassword() + "','" + e.getTel() + "', "
                + e.getRole().getId() + ",'" + e.getOffre() + "')";
        stm.executeUpdate(query);
    } catch (SQLException ex) {
        Logger.getLogger(ServiceEntreprise.class.getName()).log(Level.SEVERE, null, ex);
    }
}
Can anyone help me modify this to use a prepared statement?
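The same INSERT rewritten with a PreparedStatement, as an added example rather than code from the original post. It keeps the question's `cnx` connection field, the `Entreprise` getters and the `ServiceEntreprise` logger name; the `Entreprise` and `Role` classes are minimal stand-ins assumed here (the question does not show them), `getRole().getId()` is assumed to be an `int` because the original concatenates it unquoted, and the `main` method assumes a JDBC driver for the URL you pass on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;

// Minimal stand-ins for the classes the question uses but does not show (assumed shapes).
class Role {
    private final int id;
    Role(int id) { this.id = id; }
    int getId() { return id; }
}

class Entreprise {
    private final String nom, email, password, tel, offre;
    private final Role role;
    Entreprise(String nom, String email, String password, String tel, Role role, String offre) {
        this.nom = nom; this.email = email; this.password = password;
        this.tel = tel; this.role = role; this.offre = offre;
    }
    String getNom() { return nom; }
    String getEmail() { return email; }
    String getPassword() { return password; }
    String getTel() { return tel; }
    Role getRole() { return role; }
    String getOffre() { return offre; }
}

public class ServiceEntreprise {

    private final Connection cnx;

    public ServiceEntreprise(Connection cnx) {
        this.cnx = cnx;
    }

    // The SQL text contains only '?' placeholders and never any user data.
    // The driver sends the statement and the bound values separately, so a quote
    // or keyword inside a value is stored as plain data and cannot alter the query.
    public void ajouterEntreprise(Entreprise e) {
        String query = "INSERT INTO `user`(`nom`, `email`, `password`, `tel`, `role`, `offre`) "
                     + "VALUES (?, ?, ?, ?, ?, ?)";
        // try-with-resources closes the PreparedStatement even if executeUpdate throws;
        // the original code never closed its Statement.
        try (PreparedStatement ps = cnx.prepareStatement(query)) {
            ps.setString(1, e.getNom());
            ps.setString(2, e.getEmail());
            ps.setString(3, e.getPassword());
            ps.setString(4, e.getTel());
            ps.setInt(5, e.getRole().getId());   // bound as a number, not quoted text
            ps.setString(6, e.getOffre());
            ps.executeUpdate();
        } catch (SQLException ex) {
            Logger.getLogger(ServiceEntreprise.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

    // Usage: java ServiceEntreprise jdbc:mysql://localhost/mydb user pass
    // (the JDBC URL and credentials are assumed; any driver on the classpath works).
    public static void main(String[] args) throws SQLException {
        try (Connection cnx = DriverManager.getConnection(args[0], args[1], args[2])) {
            ServiceEntreprise service = new ServiceEntreprise(cnx);
            // A name containing an apostrophe: it broke the concatenated query
            // with a syntax error, but is inserted unchanged here.
            service.ajouterEntreprise(
                new Entreprise("O'Brien SARL", "contact@example.test", "change-me",
                               "0102030405", new Role(2), "premium"));
        }
    }
}
```

Two things worth checking once this compiles: the bound value is never escaped by you (no quoting or `replace("'", "''")` is needed, the driver handles the encoding), and a wrong `setX` type, such as `setInt` on a column that is actually text, shows up as a `SQLException` at runtime rather than silently. Storing `getPassword()` as given also means the table holds the plaintext password; hashing it before binding parameter 3 is a separate change from the injection fix but one the same method usually needs.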