Please promise me that this is just some code to play around with, and that you will never, ever allow anything like this into any kind of production environment. Allowing an HTTP request parameter into your SQL text like this means that a malicious user can do anything they like with your database through SQL injection.
In production, you should always use a PreparedStatement here.
- Peter [ August 05, 2004: Message edited by: Peter den Haan ]
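
The difference described in the post above, as an added example that is not part of the post or of the original poster's code. The `users` table, its `id` and `name` columns, the `name` parameter and the class and method names are assumptions made for illustration; the sample values are constructed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class UserLookup {

    // Vulnerable pattern: the request parameter becomes part of the SQL text,
    // so a quote in the value changes the structure of the statement.
    static String concatenatedSql(String name) {
        return "SELECT id, name FROM users WHERE name = '" + name + "'";
    }

    // Hardened form: the SQL text is fixed and the value is bound separately,
    // so the driver always treats it as data, never as SQL syntax.
    // Assumes a hypothetical users(id INT, name VARCHAR) table.
    static List<String> findByName(Connection conn, String name) throws SQLException {
        String sql = "SELECT id, name FROM users WHERE name = ?";
        List<String> rows = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(rs.getInt("id") + ":" + rs.getString("name"));
                }
            }
        }
        return rows;
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for request.getParameter("name").
        String[] samples = { "alice", "O'Brien", "x' OR '1'='1" };
        for (String s : samples) {
            // Shows the statement text the database would receive when the
            // value is concatenated: the second is a syntax error, the third
            // has a WHERE clause that is true for every row.
            System.out.println(concatenatedSql(s));
        }
        // With findByName(conn, s) each sample is compared literally against
        // the name column; the statement text is identical for all three.
    }
}
```

Running `main` needs no database: it only prints the concatenated statement text, which is enough to see the apostrophe ending the string literal early.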