PreparedStatement
escapes String
and Date
variables for you.
String sql = "Update KKKB1 set Pangkat= ? where Pangkat=? ";
pst=conn.prepareStatement(sql);
pst.setString(1, p1);
pst.setString(2, p2);
http://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html
I think this code is a very bad idea. You should be closing your Connection
& PreparedStatement
in method scope. You should not be mingling UI and persistence code this way. You don't commit or rollback if the INSERT fails.