This is the code that I am using to insert the data. Is this the best way?

    try {
        // Plain Statement: the ID value is concatenated straight into the SQL text
        st = conect.createStatement();
        sql_v = "insert into VENDEDORES(ID,name,firstlast_name,secondlast_name,phone,celphone) \n"
              + " values(" + ID + ",'name','fln','sln','ph','clp')";

        st.executeUpdate(sql_v);
    } catch (Exception ex) {
        // The dialog passes an empty message, so the exception detail is never shown
        JOptionPane.showMessageDialog(null, "", "ERROR", JOptionPane.ERROR_MESSAGE);
    }
  • This question appears to be off-topic because it is about improving working code. It is more suited for codereview.stackexchange.com. Commented Jul 22, 2014 at 19:39
  • possible duplicate of java sql insert Commented Jul 22, 2014 at 20:20

1 Answer


Is this the best way?

No, it's not the best way.

I suggest using PreparedStatement.

Advantage of using PreparedStatement over Statement

  • A SQL statement is precompiled and stored in a PreparedStatement object.
  • This object can then be used to efficiently execute this statement multiple times.
  • Reduces execution time.
  • Automatic prevention of SQL injection attacks by builtin escaping of quotes and other special characters

Read more: PreparedStatements and performance

Here is the sample code provided by mkyong.
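The following is an added example, not the answer's or mkyong's code, showing the question's insert rewritten with a PreparedStatement and exercising the points in the bullets above: the SQL text is fixed, each value is bound with a setter, the same statement is reused for several rows through batching, and a value containing an apostrophe (which would break the concatenated "values(...)" string in the question) is stored as plain data. It assumes the H2 JDBC driver is on the classpath for the in-memory database, Java 16 or later for the record type, and a guessed set of column types for the VENDEDORES table; the sample rows are constructed.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.List;

public class VendedoresInsert {

    // Assumed DDL for the question's VENDEDORES table (column types are a guess).
    private static final String DDL =
            "CREATE TABLE VENDEDORES(ID INT PRIMARY KEY, name VARCHAR(100), "
          + "firstlast_name VARCHAR(100), secondlast_name VARCHAR(100), "
          + "phone VARCHAR(30), celphone VARCHAR(30))";

    // The SQL text is fixed; every value travels as a bound parameter, never as SQL.
    private static final String INSERT_SQL =
            "INSERT INTO VENDEDORES(ID, name, firstlast_name, secondlast_name, phone, celphone) "
          + "VALUES (?, ?, ?, ?, ?, ?)";

    /** One row in the shape of the question's insert. */
    public record Vendedor(int id, String name, String firstLastName,
                           String secondLastName, String phone, String celphone) {}

    /** Inserts a single row; returns the JDBC update count (1 on success). */
    public static int insertVendedor(Connection conn, Vendedor v) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(INSERT_SQL)) {
            bind(ps, v);
            return ps.executeUpdate();
        }
    }

    /** Reuses one PreparedStatement for many rows via batching; returns rows inserted. */
    public static int insertVendedores(Connection conn, List<Vendedor> rows) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(INSERT_SQL)) {
            for (Vendedor v : rows) {
                bind(ps, v);
                ps.addBatch();
            }
            int total = 0;
            for (int n : ps.executeBatch()) {
                total += n; // H2 reports a per-row count; other drivers may return SUCCESS_NO_INFO
            }
            return total;
        }
    }

    // Binds the six columns in the order of the INSERT_SQL placeholders.
    private static void bind(PreparedStatement ps, Vendedor v) throws SQLException {
        ps.setInt(1, v.id());
        ps.setString(2, v.name());
        ps.setString(3, v.firstLastName());
        ps.setString(4, v.secondLastName());
        ps.setString(5, v.phone());
        ps.setString(6, v.celphone());
    }

    /** Reads a name back so the stored value can be checked. */
    public static String selectName(Connection conn, int id) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement("SELECT name FROM VENDEDORES WHERE ID = ?")) {
            ps.setInt(1, id);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString(1) : null;
            }
        }
    }

    public static void main(String[] args) {
        // Assumption: the H2 driver is on the classpath; the in-memory database is discarded on close.
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:vendedores")) {
            try (Statement st = conn.createStatement()) {
                st.executeUpdate(DDL);
            }
            // Constructed sample: the apostrophe in "O'Brien" would turn the question's
            // concatenated 'name' literal into broken SQL; as a bound parameter it is just data.
            int one = insertVendedor(conn,
                    new Vendedor(1, "O'Brien", "Lopez", "Diaz", "555-0100", "555-0101"));
            int many = insertVendedores(conn, List.of(
                    new Vendedor(2, "Ana", "Ruiz", "Soto", "555-0102", "555-0103"),
                    new Vendedor(3, "Luis", "Perez", "Vega", "555-0104", "555-0105")));
            System.out.println("inserted " + (one + many) + " rows; id 1 name = " + selectName(conn, 1));
        } catch (SQLException ex) {
            // Keep the driver's message: the question's dialog shows an empty string and hides the cause.
            System.err.println("ERROR: " + ex.getMessage());
        }
    }
}
```

Run it with the H2 jar on the classpath (for example `java -cp h2.jar:. VendedoresInsert`); it prints that three rows were inserted and that the name stored for ID 1 is O'Brien, unchanged. The try-with-resources blocks also close the statements and connection, which the question's snippet never does.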


3 Comments

protection against SQL injection should really be #1
@Cruncher that's why I used bullet points instead of giving it numbering.
I get it. I was just emphasising. BTW, I'm pretty sure that if you one-off a prepared statement, then it's actually slower than a statement. I could be wrong on that though.
