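// Fragment from a servlet method: needs import java.sql.PreparedStatement;
// conn is an open java.sql.Connection, request is the HttpServletRequest.
String id = request.getParameter("id");
String title = request.getParameter("title");
String content = request.getParameter("content");
// Each ? is a positional parameter; the values are bound as data and are
// never concatenated into the SQL text.
try (PreparedStatement pcmd = conn.prepareStatement("insert into tblTopic(id,title,content) values(?,?,?)")) {
    pcmd.setString(1, id);       // parameter indexes start at 1
    pcmd.setString(2, title);
    pcmd.setString(3, content);
    pcmd.executeUpdate();        // runs the insert
}                                // try-with-resources closes the statement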
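Note: in the SQL statement, each variable is replaced by a ? placeholder. Before executing the statement, assign the parameter values with the setXXX methods, then call executeUpdate() to run the update.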
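The following is an added example, not code from the original page: it runs the same insert with typed setXXX calls (setInt, setString, setNull) and reads the rows back to show that values containing quotes and other SQL punctuation are stored verbatim. Assumptions: the class name TopicInsertDemo, an H2 in-memory database whose driver is on the classpath, an integer id column, and constructed sample rows in place of request parameters.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.Types;

public class TopicInsertDemo {
    // Assumption: in-memory H2; any JDBC URL whose driver is on the classpath works.
    static final String URL = "jdbc:h2:mem:demo";

    public static void main(String[] args) throws SQLException {
        // Constructed sample input, standing in for request.getParameter(...) values.
        String[][] rows = {
            {"1", "Hello", "plain text"},
            {"2", "It's a title", "quotes ' semicolons ; and -- dashes stay data"},
            {"3", "No body", null},
        };
        try (Connection conn = DriverManager.getConnection(URL)) {
            try (Statement ddl = conn.createStatement()) {
                ddl.execute("create table tblTopic(id int primary key, title varchar(100), content varchar(1000))");
            }
            String sql = "insert into tblTopic(id,title,content) values(?,?,?)";
            try (PreparedStatement pcmd = conn.prepareStatement(sql)) {  // prepared once, reused per row
                for (String[] r : rows) {
                    pcmd.setInt(1, Integer.parseInt(r[0]));   // a non-numeric id fails here, before any SQL runs
                    pcmd.setString(2, r[1]);
                    if (r[2] == null) pcmd.setNull(3, Types.VARCHAR);  // SQL NULL, not the string "null"
                    else pcmd.setString(3, r[2]);
                    int n = pcmd.executeUpdate();             // number of rows affected
                    System.out.println("inserted " + n + " row, id=" + r[0]);
                }
            }
            // Read the rows back: the punctuation in row 2 was stored as plain text.
            try (Statement q = conn.createStatement();
                 ResultSet rs = q.executeQuery("select id,title,content from tblTopic order by id")) {
                while (rs.next()) {
                    System.out.println(rs.getInt(1) + " | " + rs.getString(2) + " | " + rs.getString(3));
                }
            }
        }
    }
}
```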