// Define the SQL statement by concatenating the username and password values into the text.
// NOTE(review): both values become part of the SQL text itself, so a quote character in
// either one changes the structure of the query (SQL injection). Prefer a PreparedStatement
// with ? placeholders and setString(...) so the values are bound as data, not parsed as SQL.
// NOTE(review): the password value is compared directly in the query, which suggests
// passwords are stored unhashed; confirm against the schema.
String sql = "select * from user where username= '"+username+"' and password='"+password+"'";
// Prints the assembled statement; the output contains the password in clear text,
// so this belongs in a local demo only, not in application logs.
System.out.println(sql);
select * from user where username= 'lisi' and password='654321'
理清逻辑:
首先是 "select * from user where username= '" 作为第一个字符串,然后拼接 username 变量;
接着是 "select * from user where username= 'username" 拼接 "' and password='" 字符串;
再者是 "select * from user where username= 'username' and password='" 拼接 password 变量;
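最后是 "select * from user where username= 'username' and password='password" 拼接 "'" 字符串。
注意:拼接之后 username 和 password 的内容就成了 SQL 语句本身的一部分,其中若含有单引号,语句结构就会改变(SQL 注入);实际项目中应改用 PreparedStatement 的 ? 占位符来绑定这两个值。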