how to use a variable in a where clause

I use jsp and sql and I want to query a table using a variable that I have already declared (entity) here is my query:

..
String **entite**="informati开发者_Python百科que";
entite="informatique"

...
rs = st.executeQuery ("select * from User where User.id_e= &**entite** ");

entite is a variable

my question is: how to use a variable in a where clause

---

My prefered solution - Use a PreparedStatement with ? and setString(...) for parameters.

See further details here:

http://download.oracle.com/javase/tutorial/jdbc/basics/prepared.html

---

The best and safe way is to use PreparedStatement to bind variables to the query.

For example see (hope the link does not break in a second) http://download.oracle.com/javase/1.4.2/docs/api/java/sql/PreparedStatement.html

You can use escaping techniques, however they are error prone and quite too often lead to SQL injection attacks and/or database corruption.