This week's book giveaway is in the OCMJEA forum. We're giving away four copies of OCM Java EE 6 Enterprise Architect Exam Guide and have Paul Allen & Joseph Bambara on-line! See this thread for details.
Anything other than a PreparedStatement is madness. This becomes even clearer when you start to consider things like date formats. Ok, so you could use ANSI SQL escape syntax -- hands up everyone who can write down a date literal using escape syntax without consulting some kind of reference! And now hands up those who'd never heard of this syntax before... Thought so. - Peter