????SQL?????????????????????????????????????Web??ó???????Щ???????SQL??????Щ??????????SQL????????й?????????????????????????????????μ???????????????????????????????????
????prepareStatement????????sql???????Ч???
????preparedStatement??statement??????
????1??preparedStatement??statement???????
????2??preparedStatement??????sql????????
????3??preparedStatement????????????????sql????????????????????????
???????????

 

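/**
 * Looks up a user row by username and password using a parameterized query.
 *
 * <p>Both values are bound with {@code setString} to the {@code ?} placeholders, so they
 * travel to the database as data and are never concatenated into the SQL text. Quote
 * characters or SQL keywords in the input therefore cannot change the statement.
 *
 * @param username value bound to the first placeholder
 * @param password value bound to the second placeholder
 * @return a populated {@code User} for the first matching row, or {@code null} when no
 *     row matches
 * @throws DaoException wrapping any exception raised while connecting or querying
 */
public User find(String username, String password) {
    // Declared outside the try so the finally block can release whatever was opened.
    Connection conn = null;
    PreparedStatement st = null;
    ResultSet rs = null;
    try {
        conn = JdbcUtils.getConnection();

        // The SQL text is a constant; user input only ever reaches the two placeholders.
        // NOTE(review): the WHERE clause compares the password column with the supplied
        // value directly, so the column must hold the same form the caller passes in.
        // If that is the clear-text password, store a salted password hash instead
        // (bcrypt, scrypt or Argon2) and verify it in code after selecting by username.
        String sql = "select * from users where username=? and password=?";
        st = conn.prepareStatement(sql);
        st.setString(1, username); // JDBC parameter indexes start at 1
        st.setString(2, password);

        rs = st.executeQuery();
        if (rs.next()) {
            // Only the first matching row is mapped; further rows are ignored.
            User user = new User();
            user.setId(rs.getString("id"));
            user.setUsername(rs.getString("username"));
            // NOTE(review): the stored password value is copied into the returned object;
            // callers should keep it out of logs and serialized responses.
            user.setPassword(rs.getString("password"));
            user.setEmail(rs.getString("email"));
            user.setBirthday(rs.getDate("birthday"));
            return user;
        }
        return null;
    } catch (Exception e) {
        // Keep the original exception as the cause so the failure stays diagnosable.
        throw new DaoException(e);
    } finally {
        // Runs on every path; any of the three may still be null at this point.
        // Presumably JdbcUtils.release tolerates null arguments (confirm in JdbcUtils).
        JdbcUtils.release(conn, st, rs);
    }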