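package jdbcDome;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Scanner;

import javafx.geometry.Side; // not referenced anywhere in this listing; kept from the original

/**
 * Console login demo that contrasts two ways of querying the Student table.
 *
 * <p>The first version (kept below as a comment) is the basic approach used when
 * starting to learn JDBC: it builds the SQL text by concatenating user input, so it
 * does not prevent SQL injection. Restricting special characters in the input box
 * narrows what a user can type, but it is a supplementary control and not a
 * replacement for bound parameters.
 *
 * <p>The active version uses a precompiled statement object
 * ({@link PreparedStatement}) with {@code ?} placeholders.
 *
 * @author extraordinary
 */
public class dbText {

    /**
     * Reads an account number and a password from standard input and checks them
     * against the Student table through a parameterized query.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        /*
         * First version, kept for comparison only. The query text is assembled from
         * raw input, so the input becomes part of the SQL statement itself. It also
         * prints sqlQuery, which at that point contains the password that was typed.
         *
         * jdbcTools db1 = jdbcTools.getDB();
         * Scanner sc1 = new Scanner(System.in);
         * System.out.println("Please enter your login:");
         * int Sid = sc1.nextInt();
         * System.out.println("Please enter your password");
         * String pwd = sc1.next();
         * String sqlQuery = "SELECT * FROM Student WHERE sid = " + Sid + " AND pwd = '" + pwd + "'";
         *
         * ResultSet rs1 = db1.query(sqlQuery);
         * try {
         *     if (rs1.next()) {
         *         System.out.println("登陆成功!");   // "login succeeded"
         *         System.out.println(sqlQuery);
         *         System.out.println(rs1.getString(2));
         *     } else {
         *         System.out.println("登陆失败!");   // "login failed"
         *     }
         * } catch (SQLException e) {
         *     // TODO Auto-generated catch block
         *     e.printStackTrace();
         * }
         */

        // -----------------------------------------------------------------------
        // The precompiled statement object used here has these advantages:
        //   1. It prevents SQL injection: bound values are sent as data and are
        //      never parsed as SQL text.
        //   2. It is simple to write.
        //   3. A question mark (?) acts as a placeholder for each value.
        //   4. The statement is compiled once, so repeated execution is more efficient.

        // try-with-resources closes the scanner, connection, statement and result
        // set on every path; the original left all four open.
        try (Scanner sc1 = new Scanner(System.in)) {
            System.out.println("Please enter your account number:");
            int sid = sc1.nextInt();
            System.out.println("Please enter your password");
            // next() returns a single whitespace-delimited token, so a password
            // containing a space is cut at the first space.
            String pwd = sc1.next();

            // NOTE(review): the query compares the typed password with the pwd
            // column directly, which implies the column holds plaintext passwords.
            // A real login stores a salted password hash (bcrypt/scrypt/argon2)
            // and verifies against that instead.
            String sqlQuery = "SELECT * FROM Student WHERE sid = ? AND pwd = ?";

            // jdbcTools is defined elsewhere in the project and is not shown here;
            // this assumes getConn() returns a connection the caller may close.
            // TODO confirm against jdbcTools.
            try (Connection con1 = jdbcTools.getConn();
                 // Generate the precompiled statement object.
                 PreparedStatement pSt = con1.prepareStatement(sqlQuery)) {
                // Assign values to the placeholders (indexes start at 1).
                pSt.setInt(1, sid);
                pSt.setString(2, pwd);

                // Execute the precompiled statement.
                try (ResultSet rs2 = pSt.executeQuery()) {
                    if (rs2.next()) {
                        System.out.println("login success");
                        // Column 2 is read but its value is discarded, as in the
                        // original. With SELECT * the meaning of index 2 depends on
                        // the table's column order.
                        rs2.getString(2);
                    } else {
                        System.out.println("login failed!");
                    }
                }
            } catch (SQLException e) {
                // Kept from the original. In anything beyond a console demo, send
                // the detail to a log and show the user only a generic failure.
                e.printStackTrace();
            }
        }
    }
}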