采用预编译语句集,它内置了处理SQL注入的能力,只要使用它的setString方法传值即可:
String
sql=
"select
*
from
users
where
username=?;
PreparedStatement
preState
=
conn.prepareStatement(sql);
preState.setString(1,
userName);
preState.setString(2,
password);
ResultSet
rs
=
preState.executeQuery();
内容全部来源于网络收集,如有侵权,请联系网站删除:QQ:24596024