【Java】【JDBC】使用preparedStatement预

使用preparedStatement预编译解决SQL注入

/**
 * 执行登陆
 *
 * @return boolean
 * @throws Exception ?
 */
public boolean login() throws Exception {
    Connection connection = MyDatabase.getConn();
    PreparedStatement preparedStatement = connection.prepareStatement("SELECT * FROM user WHERE signin_name=?");
    preparedStatement.setString(1, signinName);
    ResultSet resultSet = preparedStatement.executeQuery();
    
    String pwd = "";
    while (resultSet.next()) {
        pwd = resultSet.getString("pwd");
    }
    MyDatabase.kill(connection, preparedStatement, resultSet);
    return pwd.equals(MyString.Md5(this.pwd));
}