拼接sql语句的时候注意事项

public void addstu(Student student) throws Exception{
String sqlString="insert into student values("+student.getId()+","
+ "'"+student.getName()+"','"+student.getSname()+"',"+student.getAge()+")";
JdbcTools.update(sqlString);

对于整型直接用引号跟加号组合

而对于字符型需要在两边加上单引号