When I use the query "INSERT INTO tab_name VALUES(param1,param2)" and pass an email as a parameter, it shows a syntax error at char "@"... why? I know that this can be solved by using PreparedStatement... but if I want to use the same query, how do I do it?
Wendy Gibbons wrote: Oh, you think he had missed the quotes and it was trying to use them as column names
Yeah, this commonly happens when people don't use PreparedStatement and try to build their SQL via string concatenation. Which is why you should always use PreparedStatement unless there's an extremely good reason why you can't.
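Added example, not part of the thread or any poster's code: it shows the SQL text that string concatenation produces for an email value, with and without hand-added quotes, next to the PreparedStatement form the replies recommend. The class name, the sample addresses, and the assumption that `tab_name` has an integer column followed by a text column are illustrative.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class InsertEmailExample {

    // What the question's approach produces: the value lands in the SQL text with no
    // quotes, so the database parses bob@example.com as SQL and stops at '@'.
    static String concatUnquoted(int id, String email) {
        return "INSERT INTO tab_name VALUES(" + id + "," + email + ")";
    }

    // Adding quotes by hand fixes the simple case but breaks again on any value that
    // contains a single quote, and lets the value change the statement's structure.
    static String concatQuoted(int id, String email) {
        return "INSERT INTO tab_name VALUES(" + id + ",'" + email + "')";
    }

    // PreparedStatement: the SQL text is fixed and the values are bound separately,
    // so no quoting or escaping is needed whatever the value contains.
    static int insert(Connection conn, int id, String email) throws SQLException {
        String sql = "INSERT INTO tab_name VALUES(?, ?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setInt(1, id);
            ps.setString(2, email);
            return ps.executeUpdate(); // number of rows inserted
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample values.
        System.out.println(concatUnquoted(1, "bob@example.com"));
        System.out.println(concatQuoted(1, "bob@example.com"));
        System.out.println(concatQuoted(2, "o'brien@example.com"));

        // Optional: pass a JDBC URL for a database that already has tab_name
        // (assumed layout: integer column, then text column).
        if (args.length > 0) {
            try (Connection conn = DriverManager.getConnection(args[0])) {
                System.out.println(insert(conn, 2, "o'brien@example.com") + " row inserted");
            }
        }
    }
}
```

Run without arguments, it only prints the three concatenated statements; the third shows the quote inside the address ending the string literal early, which is the failure the bound parameter avoids.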