1.注入
2 .预防
package com.jdbc;
import java.sql.*;
import java.util.Scanner;
public class loginDemo {
public static void main(String[] args)throws ClassNotFoundException, SQLException {
//1.注册驱动
Class.forName("com.mysql.jdbc.Driver");
//2.连接
String url = "jdbc:mysql://localhost:3306/zfj";
String username = "root";
String password = "root";
Connection con = DriverManager.getConnection(url,username,password);
//3.语句执行对象 (执行sql) 返回值 Statement
//Statement stat = con.createStatement();
Scanner sc = new Scanner(System.in);
String user = sc.nextLine();
String pas = sc.nextLine();
//4.执行sql 查询 select
String sql = "SELECT * FROM user where user_name= ? AND user_sex=?";
//防止注入
PreparedStatement pst = con.prepareStatement(sql);
pst.setObject(1,user);
pst.setObject(2,pas);
System.out.println(sql);
ResultSet rs = pst.executeQuery();
//处理结果集
while (rs.next()){
//获取每列的的数据
System.out.println(rs.getString("id")+" "+rs.getString("user_name")+" "+rs.getString("user_age")+" "+rs.getString("user_sex"));
}
//5.释放资源
rs.close();
pst.close();
con.close();
}
}