Paul Clapham wrote: Don't do it that way. Use a PreparedStatement which uses parametrized queries instead. Like this:
PreparedStatement ps = conn.prepareStatement("SELECT * FROM employees WHERE employee_id = ?");
ps.setString(1, employeeId); // bind the caller's String value to the ? placeholder; the driver sends it as data, not as SQL text
ResultSet rs = ps.executeQuery();
That's assuming that your employee_id column is actually declared as a text column in the database and not a numeric column.
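As an added example (not part of Paul's post), the spliced-in query beside its parametrized form, plus the numeric-column case from the caveat above; the class and method names, `conn`, and `employeeId` are assumed:

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class EmployeeLookup {

    // The pattern to avoid: the value is spliced into the SQL text, so the
    // database parses whatever it contains as part of the query.
    static boolean existsUnsafe(Connection conn, String employeeId) throws SQLException {
        String sql = "SELECT * FROM employees WHERE employee_id = '" + employeeId + "'";
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next();
        }
    }

    // Parametrized: the SQL text is fixed, the value travels separately and
    // the driver binds it as data. Assumes employee_id is a text column.
    static boolean existsByTextId(Connection conn, String employeeId) throws SQLException {
        String sql = "SELECT * FROM employees WHERE employee_id = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, employeeId);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    // The numeric-column case: reject non-numeric input up front and bind
    // with setInt so the driver sends a number rather than quoted text.
    static boolean existsByNumericId(Connection conn, String rawId) throws SQLException {
        int id;
        try {
            id = Integer.parseInt(rawId.trim());
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("employee_id must be numeric: " + rawId, e);
        }
        String sql = "SELECT * FROM employees WHERE employee_id = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setInt(1, id);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }
}
```

The try-with-resources blocks close the Statement and ResultSet on every path, which the two-line snippet above leaves to the caller.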