Oracle Jdbc 防sql注入

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * 
 */

/**
 * @author john
 *
 */
public class Demo {

	/**
	 * @param args
	 * @throws Exception 
	 */
	public static boolean login (String Username ,String Password ) throws Exception {
		String driverClassName = "oracle.jdbc.driver.OracleDriver" ;
		String url = "jdbc:oracle:thin:@103.44.145.243:55090:oracle" ;
		String username = "";
		String password = ""; 
		//加载驱动类
		Class.forName(driverClassName) ;
		Connection con = DriverManager.getConnection(url, username, password) ;
		//得到statement
		Statement stmt = con.createStatement() ;
		//给出sql
		String sql = "select * from MYUSER where USERNAME ='"+Username+"' and PASSWORD = '"+Password+"'"; 
		ResultSet rs = stmt.executeQuery(sql);
		return rs.next();
//		return false ;
		}
	public static boolean login2 (String Username ,String Password ) throws Exception {
		String driverClassName = "oracle.jdbc.driver.OracleDriver" ;
		String url = "jdbc:oracle:thin:@103.44.145.243:55090:oracle" ;
		String username = "";
		String password = ""; 
		//加载驱动类
		Class.forName(driverClassName) ;
		Connection con = DriverManager.getConnection(url, username, password) ;
		//得到statement
//		Statement stmt = con.createStatement() ;
		//给出sql
		/*
		 * 得到preparedStatement
		 * 1.得到sql模板 
		 * 2.调用con方法，得到preparement
		 */
		String sql = "select * from MYUSER where USERNAME=?and PASSWORD = ?";
		PreparedStatement psmt = con.prepareStatement(sql);
		/*
		 * 为参数赋值
		 */
		psmt.setString(1,Username);//给问号赋值
		psmt.setString(2, Password);
		ResultSet rs = psmt.executeQuery();//调用查询方法
		
		return rs.next() ;
		}
	public static void main(String[] args) throws Exception {
		// TODO Auto-generated method stub
		boolean bool2 =  login2("a' or 'a' = 'a","a' or 'a' = 'a") ;
		System.out.println(bool2);
		boolean bool =  login("a' or 'a' = 'a","a' or 'a' = 'a") ;
		System.out.println(bool);
		
	}

}