例如:
String sql = "select * from user where username='" + username + "' and password ='" + password + "' ";
執行的時候自動就把變量轉換為字符串類型,“”表示字符串,‘’是SQL的字符串和字符
兩個雙引號和變量拼接在一起,會吧變量轉化為字符串
執行SQL的時候是這樣的select * from user where username='' and password ='';
練習
步驟:
1.創建數據庫表
CREATE TABLE user( id INT PRIMARY KEY AUTO_INCREMENT, username VARCHAR(32), PASSWORD VARCHAR(32) );
2.插入條記錄
INSERT INTO user VALUES(null,'zhangsan','123') INSERT INTO user VALUES(null,'lisi','234')
package cn.itcast.jdbc; import cn.itcast.util.JDBCUtils; import java.sql.Connection; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; import java.util.Scanner; public class JdbcDemo10 { public static void main(String[] args) { //1.鍵盤錄入,接收用戶名和密碼 Scanner sc = new Scanner(System.in); System.out.println("請輸入用戶名"); String username = sc.nextLine(); System.out.println("請輸入密碼"); String password = sc.nextLine(); //2.調用方法login,因為不是靜態方法,所以要創建對象 boolean flag = new JdbcDemo10().login(username, password); //3.判斷結果,輸出同語句 if (flag){ System.out.println("登錄成功"); }else { System.out.println("登錄失敗,用戶名或密碼錯誤"); } } /** * 登錄方法 */ public boolean login(String username, String password) { if (username == null || password == null) {//如果有一個為空就不用去連接數據庫,做操作 return false; } //連接數據庫是否判斷成功 Connection conn = null; Statement stmt = null; ResultSet rs = null; try { //1.獲取數據庫連接 conn = JDBCUtils.getConnection(); //2.定義SQL-------------------------------------拼接--------------------------------------------------- String sql = "select * from user where username='" + username + "' and password ='" + password + "' "; //3.獲取執行SQL的對象 stmt = conn.createStatement(); //4.執行查詢 rs = stmt.executeQuery(sql); //5.判斷 /* if (rs.next()){//不用這樣寫rs.next()返回的就是true,false return true; }else { return false; }*/ return rs.next();//如果有下一行返回true } catch (SQLException e) { e.printStackTrace(); } finally {//釋放資源 JDBCUtils.close(rs, stmt, conn); } return false; } }