PreparedStatement
预编译
作用:预防Sql注入
【注意事项】真正的预编译功能需要手动开启,本方法只是预传入参数
模板代码
String user_name = "def";
String user_password = "ddeeff";
//4、定义Sql
String sql = "SELECT * FROM user WHERE user_name = ? and user_password = ? ";
//5、获取pstsm对象
PreparedStatement pstmt = conn.prepareStatement(sql);
//设置值
pstmt.setString(1,user_name);//问号1,参数值
pstmt.setString(2,user_password);//问号2,参数值
//6、执行Sql
ResultSet rs = pstmt.executeQuery();
//7、处理结果
if(rs.next()){
System.out.println("成功");
}
else {
System.out.println("失败");
}
