jdbc操作mysql数据库（防止注入攻击版本）

package TestJDBC;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;

public class SQLDemo {

public static void main(String[] args) {

SQLDemo demo = new SQLDemo();
//demo.login("a' or 'a'='a", "a' or 'a'='a");
demo.login("zs", "zs");
}

public static Connection getConnection() throws Exception{
Class.forName("com.mysql.jdbc.Driver");
String url = "jdbc:mysql://localhost:3306/web08";
return DriverManager.getConnection(url, "root", "root");
}

public void login(String username,String password){
Connection conn = null;
PreparedStatement ps = null;
ResultSet rs = null;
try{
conn = getConnection();
String sql = "select * from user where username=? and password=?";
ps = conn.prepareStatement(sql);
ps.setString(1, username);
ps.setString(2, password);
rs = ps.executeQuery();
if(rs.next()){
System.out.println("欢迎："+rs.getString("username"));
}else {
System.out.println("用户名或密码错误");
}
}catch(Exception e){
e.printStackTrace();
}finally{
try{
if(rs!=null) rs.close();
if(ps!=null) ps.close();
if(conn!=null) conn.close();
}catch(Exception e){
e.printStackTrace();
}
}
}
}