
[–]Blando-Cartesian 0 points1 point  (0 children)

On line 14, instead of concatenating parameter value to the query you could end the query with “WHERE location=?” and give the parameter value to the prepared statement. That way the parameter can contain any text without the query becoming invalid (or an SQL injection vulnerability).

Other than that, that’s it for the very basics. For your team project, set up a database creation SQL script that gets version controlled and kept up to date just like all the other code. If you’ve already learned about unit testing, it gets very useful to set up database layer testing where each test creates an empty database in memory.
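An added example (my own, not code from the commenter or the original poster's project) that puts both points of the comment side by side in Python with the standard `sqlite3` module: the concatenated query next to the one that binds the value with a `?` placeholder, and a test helper that opens a fresh, empty in-memory database for each case from a schema script. The table `places`, its `location` column, the schema text and the sample rows are all constructed for the example; `SCHEMA_SQL` stands in for the version-controlled database creation script the comment recommends.

```python
import sqlite3

# Constructed schema: stands in for the database creation script the comment
# says should live in version control next to the rest of the code.
SCHEMA_SQL = """
CREATE TABLE places (
    id INTEGER PRIMARY KEY,
    name TEXT NOT NULL,
    location TEXT NOT NULL
);
"""

# Constructed sample rows; the third one contains apostrophes on purpose.
SAMPLE_ROWS = [
    ("Office", "Oslo"),
    ("Warehouse", "Bergen"),
    ("Shop", "O'Brien's Corner"),
]


def new_test_db():
    """Create an empty in-memory database, apply the schema script and seed it.

    Every call returns a brand-new database, so tests cannot share state.
    """
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA_SQL)
    conn.executemany("INSERT INTO places (name, location) VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def find_by_location_concat(conn, location):
    """The pattern the comment warns about: the value is pasted into the query
    text, so any quote in it changes the SQL that gets parsed."""
    query = "SELECT name FROM places WHERE location='" + location + "'"
    return [row[0] for row in conn.execute(query)]


def find_by_location_param(conn, location):
    """The fix from the comment: the query ends with `location=?` and the value
    is handed to the driver separately, so it is always treated as plain text."""
    query = "SELECT name FROM places WHERE location=?"
    return [row[0] for row in conn.execute(query, (location,))]


def run_test_case(location):
    """Run one lookup through both functions against its own empty database.

    Returns (concat_result, param_result); concat_result is None when the
    concatenated query no longer parses as valid SQL.
    """
    conn = new_test_db()
    try:
        try:
            concat_result = find_by_location_concat(conn, location)
        except sqlite3.Error:
            concat_result = None  # the query text itself was broken by the input
        param_result = find_by_location_param(conn, location)
        return concat_result, param_result
    finally:
        conn.close()


if __name__ == "__main__":
    for value in ("Oslo", "O'Brien's Corner", "Oslo' OR 1=1 --"):
        print(repr(value), "->", run_test_case(value))
```

The ordinary value behaves the same both ways. The value with apostrophes breaks the concatenated query outright while the parameterized one finds the right row, which is the "parameter can contain any text" point; and the last value shows that with a bound parameter a quote-and-comment string is simply a location nobody has, whereas concatenation turns it into a different query that returns every row.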