解决登录的注入问题

public static void main(String[] args) throws Exception {
    //解决登录的注入问题
    //****************控制台输入*****************
    Scanner sc = new Scanner(System.in);
    System.out.println("请输入账号");
    String user = sc.nextLine();
    System.out.println("请输入密码");
    String password = sc.nextLine();
    //*******************************************
    //1.创建和数据库的连接(这里直接用工具类wzwjdbc)
    Connection connection = WzwJDBC.getConncetion();
    //2.创建sql语句,查询账号密码
    String sql = "select * from user where name = ? and password = ?";
    //3.获取结果集
    PreparedStatement preparedStatement = connection.prepareStatement(sql);
    //4.给占位符?赋值
    preparedStatement.setString(1,user);
    preparedStatement.setString(2,password);
    //5.获取结果集
    ResultSet resultSet = preparedStatement.executeQuery();
    if(resultSet.next()){
        System.out.println("登录成功");
    }else{
        System.out.println("登录失败");
    }
    //6.释放资源
    WzwJDBC.close(resultSet,preparedStatement,connection);
}