Not when it is used incorrectly, that is, in the same way as the regular Statement.
Please have a look at the PreparedStatement API and the JDBC tutorial. The trick is that you do not put the values into the text of the statement itself, but replace them with question marks (?) and use the proper setXxxx methods (e.g. setString) to set their values. When used this way, you don't need to handle any special characters.
posted 4 years ago
I suspected that was so. I find parametrized queries very annoying, hence here I am.
Even if the parametrizing is annoying, it is still much less annoying than handling all the data types (escaping the string, converting the dates and so on) correctly, especially as various database dialects tend to differ in these aspects.
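To make the two replies above concrete, here is an added example (not code from either poster) showing the "incorrect" use of PreparedStatement, where the values are concatenated into the SQL text exactly as with a plain Statement, beside the correct use with ? placeholders and typed setXxx calls. It assumes an in-memory H2 database reachable at jdbc:h2:mem:demo and a constructed table `logins(username, login_date)`; both are assumptions for the demo, not anything from the thread.

```java
import java.sql.Connection;
import java.sql.Date;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.time.LocalDate;

public class PreparedStatementDemo {

    // INCORRECT: a PreparedStatement used like a regular Statement. The user's
    // input is spliced into the SQL text, so the driver never sees it as data;
    // a quote in the username changes the meaning of the query.
    static int countLoginsUnsafe(Connection conn, String username, LocalDate since)
            throws SQLException {
        String sql = "SELECT COUNT(*) FROM logins WHERE username = '" + username
                + "' AND login_date >= '" + since + "'";
        try (PreparedStatement ps = conn.prepareStatement(sql);
             ResultSet rs = ps.executeQuery()) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // CORRECT: the SQL text is a fixed template with ? placeholders. Values are
    // bound with typed setXxx calls, so quotes in the username need no escaping
    // and the date travels as a DATE instead of dialect-specific text.
    static int countLoginsSafe(Connection conn, String username, LocalDate since)
            throws SQLException {
        String sql = "SELECT COUNT(*) FROM logins WHERE username = ? AND login_date >= ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            ps.setDate(2, Date.valueOf(since));
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 is on the classpath; the table and rows are constructed for the demo.
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = conn.createStatement()) {
                st.execute("CREATE TABLE logins (username VARCHAR(64), login_date DATE)");
                st.execute("INSERT INTO logins VALUES "
                        + "('alice', DATE '2024-01-10'), "
                        + "('bob',   DATE '2024-02-01'), "
                        + "('carol', DATE '2023-12-31')");
            }

            LocalDate since = LocalDate.of(2024, 1, 1);
            // Constructed attacker input: the quote closes the literal and the
            // OR 1=1 makes the WHERE clause true for every row.
            String injected = "x' OR 1=1 OR 'x'='y";

            System.out.println("unsafe, honest input : " + countLoginsUnsafe(conn, "alice", since));
            System.out.println("unsafe, injected     : " + countLoginsUnsafe(conn, injected, since));
            System.out.println("safe,   honest input : " + countLoginsSafe(conn, "alice", since));
            System.out.println("safe,   injected     : " + countLoginsSafe(conn, injected, since));
        }
    }
}
```

Run with the H2 jar on the classpath. The unsafe method returns alice's single row for honest input but every row in the table for the injected string, because the concatenated text became `... username = 'x' OR 1=1 OR 'x'='y' AND ...`. The safe method returns alice's row for honest input and zero rows for the injected string, since setString binds the whole string as a username literal; note also that the date is bound with setDate rather than formatted by hand, which is the data-type point made in the last reply.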