OK, here is a piece of code that uses Java JDBC to run a SQL query while avoiding SQL injection vulnerabilities and SQL string concatenation:
String tableName = "tableName";
String sql = "SELECT * FROM " + tableName + " WHERE id = ?";
try (Connection conn = DriverManager.getConnection(url, username, password)) {
try (PreparedStatement statement = conn.prepareStatement(sql
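
The snippet above concatenates `tableName` into the SQL text, because JDBC `?` placeholders bind values only, not identifiers such as table names. The following is an added example, not part of the original answer, that checks the table name against an allowlist before concatenating it and binds `id` as a parameter. The class name `SafeTableQuery`, the `ALLOWED_TABLES` set, its `orders` entry and both method names are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Set;

public class SafeTableQuery {
    // Assumed allowlist: the only table names this code may ever place in SQL text.
    private static final Set<String> ALLOWED_TABLES = Set.of("tableName", "orders");

    // Identifiers cannot be bound with '?', so the name is checked against the
    // allowlist before it is concatenated; the id stays a bound parameter.
    static String selectByIdSql(String tableName) {
        if (tableName == null || !ALLOWED_TABLES.contains(tableName)) {
            throw new IllegalArgumentException("table not allowed: " + tableName);
        }
        return "SELECT * FROM " + tableName + " WHERE id = ?";
    }

    // Runs the query on a caller-supplied connection and reports whether a row exists.
    static boolean existsById(Connection conn, String tableName, long id) throws SQLException {
        try (PreparedStatement statement = conn.prepareStatement(selectByIdSql(tableName))) {
            statement.setLong(1, id); // the value travels separately from the SQL text
            try (ResultSet rs = statement.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) {
        // Allowlisted name: the statement text is built with a '?' placeholder for id.
        System.out.println(selectByIdSql("tableName"));
        // Constructed hostile input: rejected before any SQL string is built.
        try {
            selectByIdSql("tableName; --");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

`main` needs no database: it only shows which table names reach the statement text. `existsById` works with any JDBC `Connection` the caller opens.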