两种SQL语句写法比较：第二种写法解决了因文本中包含SQL语句而造成语法错误的问题
1.
// Approach 1: builds the INSERT by concatenating the field values directly into the SQL text.
// Any value that contains a single quote (or other SQL syntax) breaks the statement — the
// syntax-error problem described above. The same mechanism lets a value change the meaning
// of the query itself, so if any of these fields can originate from user input this form is
// an SQL injection risk; the parameterized form in approach 2 is the one to use.
String sql="insert into news(title,content,newsType,time,author,note)"
+ "values('"+news.getTitle()+"','"+news.getContent()+"',"
+news.getNewsType()+",'"+time+"','"+news.getAuthor()+"','"+news.getNote()+"')";
//int num =db.insertOrUpdate(sql);
2.
// Approach 2: parameterized INSERT. The SQL text holds only '?' placeholders and every value
// is bound through PreparedStatement, so quotes or SQL fragments inside a value are passed as
// data rather than parsed as syntax — this fixes the syntax-error problem above and also
// prevents SQL injection through these six fields.
String sql="insert into news(title,content,newsType,time,author,note)values(?,?,?,?,?,?)";
//BBS: this solved the syntax-error problem above caused by text that contains SQL statements
Connection conn=(Connection) db.connect();   // db.connect() is a project helper; the cast suggests its declared return type is not java.sql.Connection — confirm
boolean autoCommit = conn.getAutoCommit();   // saved so the original auto-commit mode can be restored later (the restore is not visible here)
conn.setAutoCommit(false);                   // run the insert inside an explicit transaction
PreparedStatement pstmt = ConnDB.prepareStmt(conn, sql);  // project helper; presumably wraps conn.prepareStatement(sql) — verify
// Bind positional parameters 1..6 in column order; setInt for parameter 3 matches the unquoted numeric newsType in approach 1.
pstmt.setString(1, news.getTitle());
pstmt.setString(2, news.getContent());
pstmt.setInt(3, news.getNewsType());
pstmt.setString(4, time);
pstmt.setString(5, news.getAuthor());
pstmt.setString(6, news.getNote());
// NOTE(review): executeUpdate, commit/rollback, restoring autoCommit and closing pstmt/conn are
// not shown in this excerpt. Wrap the statement and connection in try-with-resources and roll
// back in a catch block so an exception between setAutoCommit(false) and commit does not leave
// an open transaction or a leaked connection.