Comments - MariaDB server version for the right syntax to use near 'WHERE id =1'

1 year, 2 months ago Markus Mäkelä

You should probably use a prepared statement instead of combining values into a string. That's a classic case for SQL injection to occur. Here's a short example of how you could add this into the code:

statement = con.prepareStatement("SELECT * FROM clinic WHERE id = ?");
statement.setInt(1, id);
resultSet = statement.executeQuery();
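Added example (not part of the comment above, and not MariaDB's code): it puts the string-built query next to the prepared form for the same `clinic` lookup. The class and method names, the sample inputs and the optional JDBC command-line arguments are assumptions made for this illustration.

```java
import java.sql.*;

public class ClinicLookup {
    // "Before" form the comment warns about: the value becomes part of the SQL text.
    static String concatenatedSql(String rawId) {
        return "SELECT * FROM clinic WHERE id = " + rawId;
    }

    // Untrusted text is parsed to an int first; anything else is rejected.
    static int parseId(String rawId) {
        try {
            return Integer.parseInt(rawId.trim());
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("id must be an integer: " + rawId, e);
        }
    }

    // Prepared form: the SQL text is constant and the id is bound as data.
    static int printClinic(Connection con, int id) throws SQLException {
        try (PreparedStatement st = con.prepareStatement("SELECT * FROM clinic WHERE id = ?")) {
            st.setInt(1, id);
            try (ResultSet rs = st.executeQuery()) {
                int rows = 0;
                while (rs.next()) {
                    rows++;
                    System.out.println("found clinic id = " + rs.getInt("id"));
                }
                return rows;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample inputs, not taken from the page.
        for (String raw : new String[] {"1", "", "1 OR 1=1"}) {
            System.out.println("input [" + raw + "] -> " + concatenatedSql(raw));
            try {
                System.out.println("  bound as int " + parseId(raw));
            } catch (IllegalArgumentException e) {
                System.out.println("  rejected before any SQL runs");
            }
        }
        // Optional (assumed usage): <jdbc-url> <user> <password> <id> runs the prepared query.
        if (args.length == 4) {
            try (Connection con = DriverManager.getConnection(args[0], args[1], args[2])) {
                System.out.println(printClinic(con, parseId(args[3])) + " row(s)");
            }
        }
    }
}
```

Run without arguments, it only prints how each input changes the concatenated statement text and whether it survives integer parsing; no database is contacted.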
 