(1) Login example

  • Static SQL built from user input (createStatement with string concatenation) is prone to SQL injection; prepareStatement with bound parameters does not produce SQL injection
  • The user enters a username and password, and the program checks whether the login succeeds

    String name1 = "zhangsan";
    String password1 = "123";
    // static SQL: the input values are concatenated straight into the query text
    String sql = "select * from user where username = '" + name1 + "' and password = '" + password1 + "'";

  • For the password the user enters 'a' or 'a' = 'a', which causes every row in the table to be returned

    select * from user where username = name1 and password = 'a' or 'a' = 'a'
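The example below is added here and is not part of the original page. It reproduces the two login queries against an in-memory SQLite database in Python: `login_static` concatenates the input into the SQL text, the same pattern as the JDBC createStatement example above, and `login_prepared` binds the input as parameters, the same principle as prepareStatement. The table rows and the function names are constructed for the demonstration; the password input is the page's own `'a' or 'a' = 'a'` payload (with the surrounding quotes supplied by the query).

```python
import sqlite3


def make_db():
    """Constructed sample data (not from the original page): two user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table user (username text, password text)")
    conn.executemany(
        "insert into user values (?, ?)",
        [("zhangsan", "123"), ("lisi", "456")],
    )
    conn.commit()
    return conn


def login_static(conn, username, password):
    """Vulnerable: static SQL, input concatenated into the query text.

    With password "a' or 'a' = 'a" the query becomes
      ... where username = 'zhangsan' and password = 'a' or 'a' = 'a'
    AND binds tighter than OR, so the trailing 'a' = 'a' makes the
    WHERE clause true for every row and the whole table comes back.
    """
    sql = (
        "select * from user where username = '" + username
        + "' and password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_prepared(conn, username, password):
    """Safe: parameterized query, the database driver binds the values.

    The payload is treated as a literal password string and simply
    fails to match, so no row is returned.
    """
    sql = "select * from user where username = ? and password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def login_ok(conn, username, password):
    """Login check as a defender would write it: exactly one matching row."""
    return len(login_prepared(conn, username, password)) == 1


if __name__ == "__main__":
    db = make_db()
    payload = "a' or 'a' = 'a"
    print("static, payload  :", login_static(db, "zhangsan", payload))
    print("prepared, payload:", login_prepared(db, "zhangsan", payload))
    print("prepared, real   :", login_ok(db, "zhangsan", "123"))
```

Running the script shows the static query returning both rows for the injected password while the parameterized query returns none; only the genuine credentials pass `login_ok`.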