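package it.cast.jdbc;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/**
 * Sample lookup that uses a {@link PreparedStatement} with a bound parameter
 * instead of building the SQL text by string concatenation.
 */
public class SQLInject {

    /**
     * Runs the sample lookup for the fixed name {@code "zero"}.
     *
     * @param args command-line arguments (unused)
     * @throws SQLException if the lookup fails at the JDBC layer
     * @throws Exception kept from the original signature; it also covers the
     *     {@link ClassNotFoundException} declared by {@code read}
     */
    public static void main(String[] args) throws SQLException, Exception {
        read("zero");
    }

    /**
     * Prints the id, name, birthday and money columns of every {@code user} row
     * whose name equals {@code name}, tab-separated, one row per line.
     *
     * @param name value compared against the {@code name} column
     * @throws SQLException if preparing, executing or reading the query fails
     * @throws ClassNotFoundException declared by the original signature,
     *     presumably for {@code jdbcUtils.getConnection()} (confirm against that helper)
     */
    static void read(String name) throws SQLException, ClassNotFoundException {
        // 2. Establish the connection. Done before the try block so that a
        // failure here leaves nothing to release.
        Connection conn = jdbcUtils.getConnection();
        PreparedStatement ps = null;
        ResultSet rs = null;
        try {
            // The value is supplied through the '?' placeholder, never spliced
            // into the SQL text, so quotes or SQL keywords inside `name` are
            // treated as data and cannot change the statement's structure.
            String sql = "select id,name,birthday,money from user where name =?";

            // 3. Create the statement.
            ps = conn.prepareStatement(sql);
            ps.setString(1, name);

            // 4. Execute the statement.
            rs = ps.executeQuery();

            // 5. Process the results.
            while (rs.next()) {
                System.out.println(rs.getObject(1) + "\t" + rs.getObject(2) + "\t"
                        + rs.getObject(3) + "\t" + rs.getObject(4));
            }
        } finally {
            // Release in finally so an exception from prepareStatement,
            // executeQuery or the result loop does not leak the connection.
            // NOTE(review): ps and rs can still be null here; this assumes
            // jdbcUtils.free skips null arguments (confirm against that helper).
            jdbcUtils.free(rs, ps, conn);
        }
    }

}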
PreparedStatement的应用,布布扣,bubuko.com
原文:http://www.cnblogs.com/aineko/p/3898051.html