Prepared Statement

    PreparedStatement pStmt = conn.prepareStatement(
        "insert into instructor values(?,?,?,?)");
    pStmt.setString(1, "88877");
    pStmt.setString(2, "Perry");
    pStmt.setString(3, "Finance");
    pStmt.setInt(4, 125000);
    pStmt.executeUpdate();
    pStmt.setString(1, "88878");
    pStmt.executeUpdate();

WARNING: always use prepared statements when taking an input from the user and adding it to a query.

NEVER create a query by concatenating strings:

    "insert into instructor values('" + ID + "', '" + name + "', '" + dept_name + "', " + balance + ")"

What if name is "D'Souza"?

Database System Concepts - 6th Edition 5.11 ©Silberschatz, Korth and Sudarshan
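Added example, not from the textbook slide: the same contrast written against Python's standard-library sqlite3 instead of JDBC, where the `?` placeholders in `execute()` play the role of `PreparedStatement` parameters. The in-memory database and the `instructor` table definition are assumptions chosen to match the slide's four-column insert.

```python
import sqlite3

# Constructed schema (assumption) matching the slide's four-value insert.
SCHEMA = ("create table instructor("
          "ID varchar(5), name varchar(20), dept_name varchar(20), salary numeric(8,2))")


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def insert_concatenated(conn, ID, name, dept_name, salary):
    """The pattern the slide warns against: values spliced into the SQL text."""
    sql = ("insert into instructor values('" + ID + "', '" + name + "', '"
           + dept_name + "', " + str(salary) + ")")
    # A quote character inside `name` becomes part of the statement's syntax,
    # so the parser no longer sees the statement the programmer intended.
    conn.execute(sql)
    return sql


def insert_prepared(conn, ID, name, dept_name, salary):
    """The slide's approach: fixed SQL with ? placeholders, values bound separately."""
    pstmt = "insert into instructor values(?,?,?,?)"
    # The bound values are passed to the engine as data, never parsed as SQL.
    conn.execute(pstmt, (ID, name, dept_name, salary))
    return pstmt


def lookup_name(conn, ID):
    row = conn.execute("select name from instructor where ID = ?", (ID,)).fetchone()
    return row[0] if row else None


def demo(name):
    """Try both styles with one name value.

    Returns (concatenation_succeeded, name_stored_by_prepared_statement).
    """
    conn = new_db()
    try:
        insert_concatenated(conn, "88877", name, "Finance", 125000)
        concat_ok = True
    except sqlite3.Error:  # syntax error once the name contains a quote
        concat_ok = False
    insert_prepared(conn, "88878", name, "Finance", 125000)
    return concat_ok, lookup_name(conn, "88878")
```

For "Perry" both inserts succeed; for "D'Souza" the concatenated statement fails to parse while the prepared statement stores the name verbatim.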