4.3 Use Bind Arguments with JDBC Applications
You can also use bind arguments in JDBC applications to eliminate SQL injection exposure. This JDBC PreparedStatement containing string concatenation:
can be rewritten to use bind arguments. The question marks are placeholders for the bind arguments, lname and fname:
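The rewrite described above, as an added example that is not the original page's code. The `employees` table, its column names, and the class and method names are assumptions made for illustration; `lname` and `fname` are the bind arguments named in the text.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class BindArgumentsExample {
    // Hypothetical table and columns, assumed for this example.
    static final String BOUND_SQL =
        "SELECT email FROM employees WHERE last_name = ? AND first_name = ?";

    // Before: the inputs become part of the SQL text the database parses.
    static String concatenatedSql(String lname, String fname) {
        return "SELECT email FROM employees WHERE last_name = '" + lname
             + "' AND first_name = '" + fname + "'";
    }

    // Before: a PreparedStatement built from concatenated text gives no
    // protection, because the statement text still depends on the input.
    static List<String> findEmailsConcatenated(Connection conn, String lname,
            String fname) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(concatenatedSql(lname, fname))) {
            return readEmails(ps);
        }
    }

    // After: the SQL text is constant; the values travel as bind arguments
    // and are never parsed as SQL.
    static List<String> findEmails(Connection conn, String lname, String fname)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(BOUND_SQL)) {
            ps.setString(1, lname); // first ?  -> lname
            ps.setString(2, fname); // second ? -> fname
            return readEmails(ps);
        }
    }

    private static List<String> readEmails(PreparedStatement ps) throws SQLException {
        List<String> emails = new ArrayList<>();
        try (ResultSet rs = ps.executeQuery()) {
            while (rs.next()) emails.add(rs.getString(1));
        }
        return emails;
    }

    public static void main(String[] args) {
        // Constructed input: a legitimate surname containing a quote character.
        System.out.println("concatenated: " + concatenatedSql("O'Brien", "Pat"));
        System.out.println("bound text:   " + BOUND_SQL);
    }
}
```

Running `main` needs no database: it prints the statement text each approach would send, showing that the quote in the surname alters the concatenated statement while the bound statement text is unchanged.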