private int chackId(String tableName,String idName,int step){
int returnId = 0;
DBHelper dbHelper = null;
ResultSet ret = null;
String sql = "select Max(" + idName + ") from "
+ tableName;
dbHelper = SqlMove.dbHelper;// 创建DBHelper对象
try {
ret = dbHelper.conn.prepareStatement(sql).executeQuery();
while (ret.next()) {
returnId = ret.getInt(1)+step;
}
} catch (SQLException e) {
e.printStackTrace();
}
return returnId;
}
这个是不是就用了预编译加字段拼接?还可以防止注入吗