How should I insert data from a program in java to a database in mysql?

Question

this is the code what I am using to insert the data. Is this the best way?

       try 
      {
           st =  conect.createStatement();
           sql_v = "insert into VENDEDORES(ID,name,firstlast_name,secondlast_name,phone,celphone) \n"
                  + " values("+ID+",'name','fln','sln','ph','clp')";

          st.executeUpdate(sql_v);
      } 
      catch (Exception ex) {
            JOptionPane.showMessageDialog(null,"","ERROR",JOptionPane.ERROR_MESSAGE);
      }

This question appears to be off-topic because it is about improving working code. It is more suited for http://codereview.stackexchange.com/ — Gerald Schneider, Jul 22 '14 at 19:39
possible duplicate of [java sql insert](http://stackoverflow.com/questions/13980144/java-sql-insert) — Kevin Panko, Jul 22 '14 at 20:20

score 5 · Accepted Answer · edited May 23 '17 at 11:50

5

Is this the best way?

No its not the best way.

I suggest to use PreparedStatement

Advantage of using PreparedStatement over Statement

A SQL statement is precompiled and stored in a PreparedStatement object.
This object can then be used to efficiently execute this statement multiple times.
Reduces execution time.
Automatic prevention of SQL injection attacks by builtin escaping of quotes and other special characters

Read more PreparedStatements and performance

Here is the sample code provided by mkyong

edited May 23 '17 at 11:50

Community

1
1

answered Jul 22 '14 at 19:37

Braj

46,415
5
60
76

protection against SQL injection should really be #1 – Cruncher Jul 22 '14 at 19:46
@Cruncher that's I used bullet points instead of giving it numbering. – Braj Jul 22 '14 at 19:47
I get it. I was just emphasising. BTW, I'm pretty sure that if you one-off a prepared statement, then it's actually slower than a statement. I could be wrong on that though. – Cruncher Jul 22 '14 at 19:55

How should I insert data from a program in java to a database in mysql?

1 Answers1