SQL注入原理及PreparedStatement的使用
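// Looks up a row in the test table that matches the supplied name and password.
//
// Why PreparedStatement: the SQL text below is fixed and contains only two `?`
// placeholders. setString() binds myname and mypasswd as data values, so quotes,
// comment markers or SQL keywords inside them cannot change the structure of the
// statement. Building the same query by string concatenation would let the input
// be parsed as SQL, which is the root cause of SQL injection.
//
// NOTE(review): the column name `usernmae` looks like a typo for `username`;
// it is left as written here, so confirm against the table definition.
// NOTE(review): the password column is compared directly with the supplied value,
// which suggests passwords are stored unhashed. If so, store a salted password
// hash (bcrypt/scrypt/argon2) and verify it in application code instead.
String sql = "select * from test where usernmae=? and password=?";
try (PreparedStatement psm = conn.prepareStatement(sql)) {
    // Parameter indexes are 1-based and follow the order of the `?` placeholders.
    psm.setString(1, myname);
    psm.setString(2, mypasswd);
    // executeQuery() returns a java.sql.ResultSet; try-with-resources closes it and
    // the statement even when an SQLException is thrown.
    try (ResultSet rs = psm.executeQuery()) {
        // NOTE(review): returns false when a matching row exists and true when none
        // does. This looks inverted for a login check; confirm with the caller.
        return !rs.next();
    }
} finally {
    // The connection is closed on every path, including failures, so it cannot leak.
    conn.close();
}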