1 package it.cast.jdbc; 2  3 import java.sql.Connection; 4 import java.sql.PreparedStatement; 5 import java.sql.ResultSet; 6 import java.sql.SQLException; 7  8 public class SQLInject { 9 10     /**11      * @param args12      * @throws Exception13      * @throws SQLException14      */15     public static void main(String[] args) throws SQLException, Exception {16         read("zero");17     }18 19     // read20     static void read(String name) throws SQLException, ClassNotFoundException {21 22         Connection conn = null;23         PreparedStatement ps = null;24         ResultSet rs = null;25         // 2.建立连接26         conn = jdbcUtils.getConnection();27 28         String sql = "select id,name,birthday,money from user where name =?";29 30         // 3.创建语句31         ps = conn.prepareStatement(sql);32 33         ps.setString(1, name);34 35         // 4.执行语句36         rs = ps.executeQuery();37 38         // 5.处理结果39         while (rs.next()) {40             System.out.println(rs.getObject(1) + "\t" + rs.getObject(2) + "\t"41                     + rs.getObject(3) + "\t" + rs.getObject(4));42         }43 44         jdbcUtils.free(rs, ps, conn);45     }46 47 }