Database insertion

Question

if(lines.size() >= 5){
    String Actor  = it.next();
    String Bio = it.next();
    String More_Bio = it.next();
    String Reason = it.next();
    String Fact = it         


        

Answer 1

You should use PreparedStatement primarily because it prevents SQL injection attacks. @John Moses has posted a tutorial to use PreparedStatement from the Java official documentation, here is another good link: MySQL and Java JDBC - Tutorial.

Moving your code to PreparedStatement, it should be like this:

PreparedStatement ps = con.prepareStatement("INSERT INTO Tiffany(Actor, Bio, More_Bio, Reason, Fact) VALUES (?, ?, ?, ?, ?) ");
ps.setString(1, Actor);
ps.setString(2, Bio);
ps.setString(3, More_Bio);
ps.setString(4, Reason);
ps.setString(5, Fact);
ps.executeUpdate();

Don't forget to close your resources after use them:

ps.close();
con.close();

Answer 2

You need to escape your single quotes. Fortunately, Java takes care of this with PreparedStatements http://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html