A Java programmer wrote the following code:
String artist = request.getParameter("artist");
String genre = request.getParameter("genre");
String album = request.getParameter("album");
Statement s = connection.createStatement();
s.executeQuery("SELECT * FROM music WHERE artist = '" + artist +
"' AND genre = '" + genre + "' AND album = '" + album + "'");
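From a security perspective, what is the problem with it? ( )
A. It has a cross-site attack vulnerability
B. It has a SQL injection vulnerability
C. It has an arbitrary command execution vulnerability
D. It has a cross-site request forgery vulnerability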