Bezpečnost: Injection a SQL Injection

Ukázka:

String query = "select * from tabulka where field = '"+param+"'";

param="' or 1=1 or field = '"