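/**
 * Looks up rows in the {@code manager} table whose name and password both equal
 * the supplied values.
 *
 * <p>Both values are bound with {@link PreparedStatement#setString}, so they travel
 * to the database as parameters and are never concatenated into the SQL text.
 *
 * @param name     value bound to the first placeholder ({@code name=?})
 * @param password value bound to the second placeholder ({@code password=?})
 * @return a list of {@code String[2]} rows ({@code [0]} name, {@code [1]} password);
 *         empty when no row matches. If the lookup fails, the exception is printed
 *         and the rows collected so far (normally none) are returned.
 */
public List getUserByName(String name, String password) {
    ResultSet rs = null;
    PreparedStatement stat = null;
    Connection conn = null;
    List<String[]> list = new ArrayList<>();
    try {
        conn = createConnection();
        String sql = "select name,password from manager where name=? and password=?";
        stat = conn.prepareStatement(sql);
        stat.setString(1, name);
        stat.setString(2, password);
        // Use the no-argument executeQuery(): the executeQuery(String) overload inherited
        // from Statement must not be called on a PreparedStatement (JDBC specifies that it
        // throws SQLException), and it would not use the parameters bound above.
        rs = stat.executeQuery();
        while (rs.next()) {
            String matchedName = rs.getString(1);
            System.out.println(matchedName);
            // NOTE(review): the stored password column is compared with the supplied value
            // and handed back to the caller. If callers pass the raw password, this implies
            // plaintext storage. Confirm that a salted password hash is what is stored.
            String[] user = new String[2];
            user[0] = matchedName;
            user[1] = rs.getString(2);
            list.add(user);
        }
    } catch (Exception e) {
        // Best effort, as in the original: a failed lookup yields no additional rows, so a
        // caller that treats an empty list as "not authenticated" fails closed.
        e.printStackTrace();
    } finally {
        closeAll(rs, stat, conn);
    }
    return list;
}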