It is a security risk to use the fields typed by the user as is in
the SQL statements. That makes your application vulnerable to SQL
injection attacks. I think using PreparedStatements is a good
solution. Another solution would be to use Stored Procedures but I
presume you don't have a requirement for that.
- Yagiz Erkan -
http://yagiz.blogspot.com
http://www.erkans.com
====================================================================
Companion Site: http://www.corej2eepatterns.com
J2EE BluePrints: http://java.sun.com/blueprints/corej2eepatterns
List Archive: http://archives.java.sun.com/archives/j2eepatterns-interest.html