JDBC解决SQL注入问题 急求!!!!
package hnie.oracle;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
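/**
 * Small console demo that looks up rows of {@code mytable} by department number
 * using a JDBC {@link PreparedStatement} with a bind parameter.
 *
 * <p>The value is handed to the driver through {@code setString} and is never
 * concatenated into the SQL text, which is what keeps the query safe from SQL
 * injection regardless of what {@code dno} contains.
 */
public class SQLInject {

    /** Runs the lookup once with a fixed sample department number. */
    public static void main(String[] args) {
        read("1011");
    }

    /**
     * Prints DNO, NAME and LOC (tab separated) for every row whose DNO equals {@code dno}.
     *
     * <p>SQL errors are reported on the console and not rethrown; the statement,
     * result set and connection are always passed to {@code OracleJDBCUtil.free}.
     *
     * @param dno department number to bind to the single {@code ?} placeholder
     */
    public static void read(String dno) {
        Connection conn = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        // Single definition of the query text so the statement that is printed
        // is guaranteed to be the statement that is prepared.
        final String sql = "SELECT DNO,NAME,LOC FROM mytable WHERE DNO=?";
        try {
            conn = OracleJDBCUtil.getConnetion();
            ps = conn.prepareStatement(sql);
            // Bound as data by the driver; the SQL string itself is not rewritten.
            ps.setString(1, dno);
            // This prints the text with the literal '?' still in it. That is expected:
            // the placeholder is filled in by the driver, not by editing this string.
            System.out.println(sql);
            rs = ps.executeQuery();
            int rowCount = 0;
            while (rs.next()) {
                rowCount++;
                System.out.println(rs.getObject(1) + "\t" + rs.getString(2) + "\t" + rs.getString(3));
            }
            if (rowCount == 0) {
                // An empty result is not an error for JDBC, so say so explicitly
                // instead of silently printing nothing.
                // NOTE(review): setString binds a variable-length string. If DNO is an
                // Oracle CHAR(n) column the comparison is not blank-padded and can match
                // no rows -- TODO confirm the column type and the stored value.
                System.err.println("No rows matched DNO=" + dno);
            }
        } catch (SQLException e) {
            // Acceptable for a console demo; an application should log this and
            // keep driver error details away from end users.
            e.printStackTrace();
        } finally {
            OracleJDBCUtil.free(ps, rs, conn);
        }
    }
}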
为什么没有输出呀?SQL语句中的 ? 不是已经在后面调用 setString() 设置了吗?怎么还是有问题呢?