Abstract:
Reference: http://hi.baidu.com/wangyue06/item/c00c824b35cf740ae835049c

1. Traditional JDBC: use PreparedStatement. A precompiled statement has built-in protection against SQL injection.

    String sql = "select * from users where username=? and password=?"; // if the ? is replaced with :username1, the parameter is bound by name
    PreparedStatement preState = conn.prepareStatement(sql);
    preState.setString(...
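The contrast the abstract describes, as an added example that is not part of the original post: the string-concatenated query that is injectable, beside the PreparedStatement form whose ? placeholders are bound with setString. It assumes a JDBC driver on the classpath, a users table with username and password columns, and a Connection supplied by the caller (all assumptions, not taken from the post).

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Added example, not from the original post. Assumes a JDBC driver on the
// classpath and a `users` table with `username` and `password` columns;
// the Connection is supplied by the caller.
public class LoginDao {

    // VULNERABLE: user input is spliced into the SQL text, so a quote character
    // inside `username` or `password` changes the structure of the statement
    // the database parses instead of being treated as part of a value.
    public static boolean loginUnsafe(Connection conn, String username, String password)
            throws SQLException {
        String sql = "select * from users where username='" + username
                + "' and password='" + password + "'";
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next();
        }
    }

    // SAFE: the SQL text is fixed and precompiled once; the values are sent
    // separately through setString, so the database only ever sees them as data.
    public static boolean loginSafe(Connection conn, String username, String password)
            throws SQLException {
        String sql = "select * from users where username=? and password=?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);  // JDBC placeholders are 1-indexed
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }
}
```

The same rule applies to every other placeholder type (setInt, setLong, and so on): the statement text never changes per request, only the bound values do.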