PreparedStatement
Precompiled
Function: Prevent Sql injection
[Notes] The real pre-compilation function needs to be manually enabled. This method is only to pre-input the parameter
template code
String user_name = "def";
String user_password = "ddeeff";
//4、定义Sql
String sql = "SELECT * FROM user WHERE user_name = ? and user_password = ? ";
//5、获取pstsm对象
PreparedStatement pstmt = conn.prepareStatement(sql);
//设置值
pstmt.setString(1,user_name);//问号1,参数值
pstmt.setString(2,user_password);//问号2,参数值
//6、执行Sql
ResultSet rs = pstmt.executeQuery();
//7、处理结果
if(rs.next()){
System.out.println("成功");
}
else {
System.out.println("失败");
}