2014-03-31 86 views
0

I am using C# to work with SQL Server, and want to convert this from C# to Java JDBC:

using (SqlConnection myDatabaseConnection = new SqlConnection(myConnectionString.ConnectionString))
{
    myDatabaseConnection.Open();
    // Parameterized query: the user input is bound to @UserName/@Password, not concatenated into the SQL text
    using (SqlCommand SqlCommand = new SqlCommand("Select * from Users where Username = @UserName and Password = @Password", myDatabaseConnection))
    {
        SqlCommand.CommandType = CommandType.Text;
        SqlCommand.Parameters.AddWithValue("@UserName", TextBox1.Text);
        SqlCommand.Parameters.AddWithValue("@Password", TextBox2.Text);
        SqlDataReader DR1 = SqlCommand.ExecuteReader();
        if (DR1.Read())   // true if at least one row matched
        {
            //somecodes
        }
    }
}

How would I convert this data-validation code to Java, using JDBC with MySQL as the database, and still avoid SQL injection?

My attempt:

try (Connection conn = DriverManager.getConnection(dbURL, username, password)) {
    String sql = "Select * from Users where Username = @UserName and Password = @Password";
    Statement statement = conn.createStatement();
    //parameters?
    ResultSet result = statement.executeQuery(sql);
    while (result.next()) {
        //somecode
    }

} catch (SQLException ex) {
    ex.printStackTrace();
}

Answer

0

JDBC uses the ? character as a placeholder where a bind variable would normally go. You must use a PreparedStatement to be able to use ? placeholders. Then you can call the setXXX methods (the indexes are 1-based here!) to bind the variables, and then execute.

String sql = "Select * from Users where Username = ? and Password = ?";
PreparedStatement pStatement = conn.prepareStatement(sql);
pStatement.setString(1, username);   // indexes are 1-based
pStatement.setString(2, password);
ResultSet rs = pStatement.executeQuery();   // no SQL argument here: the text was fixed at prepare time
+0

Is DataReader.Read() equivalent to result.next()? –

+0

From what I can tell online about SqlDataReader's Read() (I'm not a C# person), it appears to be equivalent to ResultSet's next() method. It advances to the next record, if there is one, and returns a boolean. – rgettman
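As an added example (not code from the original question or answer), here is the complete login check in JDBC, with the string-concatenation version that the question wanted to avoid placed beside the PreparedStatement version from the answer. The class name LoginCheck, the connection URL, and the credentials are assumptions; running it requires a MySQL server with a Users table and the MySQL Connector/J driver on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class LoginCheck {

    // Assumed connection details; not from the original post.
    private static final String DB_URL = "jdbc:mysql://localhost:3306/appdb";
    private static final String DB_USER = "appuser";
    private static final String DB_PASSWORD = "changeme";

    /** Builds the query by concatenation: the user input becomes part of the SQL text itself. */
    static String buildUnsafeSql(String username, String password) {
        return "Select * from Users where Username = '" + username
             + "' and Password = '" + password + "'";
    }

    /** Vulnerable: runs the concatenated text through a plain Statement. */
    static boolean loginUnsafe(Connection conn, String username, String password) throws SQLException {
        String sql = buildUnsafeSql(username, password);
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next();
        }
    }

    /** Safe: the SQL text is fixed at prepare time; values are bound with setString (1-based). */
    static boolean loginSafe(Connection conn, String username, String password) throws SQLException {
        String sql = "Select * from Users where Username = ? and Password = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();   // same role as SqlDataReader.Read(): true if a row matched
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed attacker input: a quote closes the literal, "-- " starts a MySQL comment
        String attacker = "admin' -- ";
        String guess = "anything";

        System.out.println("Concatenated SQL text: " + buildUnsafeSql(attacker, guess));

        try (Connection conn = DriverManager.getConnection(DB_URL, DB_USER, DB_PASSWORD)) {
            System.out.println("unsafe login succeeded: " + loginUnsafe(conn, attacker, guess));
            System.out.println("safe login succeeded:   " + loginSafe(conn, attacker, guess));
        }
    }
}
```

With the concatenated version the username `admin' -- ` turns the statement into `Select * from Users where Username = 'admin' -- ' and Password = 'anything'`, so the password comparison is commented out and the check passes whenever a user named admin exists. With the prepared version the same string is bound as a value: the quote and the `--` are plain characters inside the parameter, MySQL looks for a user literally named `admin' -- `, and the check fails. Note that parameterization only fixes the injection; this query, like the original, still compares the password in plain text against the Users table, which is a separate issue from the one the question asks about.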