手写jdbc的使用步骤?

package cn.zxj.jdbc;

import java.sql.*;
import java.util.Scanner;

public class JdbcDemo {

    public static void main(String[] args) throws ClassNotFoundException, SQLException {
        statementMethod();//有sql注入风险
        preparedStatementMethod();//能够防止sql注入

    }

    private static void preparedStatementMethod()  throws ClassNotFoundException, SQLException {
        //1、注册驱动
        Class.forName("com.mysql.jdbc.Driver");
        //2、获取连接
        String url = "jdbc:mysql://localhost:3306/jdbc";
        String username = "root";
        String password = "123";
        Connection connection = DriverManager.getConnection(url, username, password);
        //3、获取预处理对象
        //String sql = "insert into users(username) values(?)";
        String sql = "select * from users where username = ? and password = ?";
        PreparedStatement preparedStatement = connection.prepareStatement(sql);
        //4、sql语句占位符设置实际参数
        //preparedStatement.setObject(1,"wang");
        //sql注入测试
        preparedStatement.setObject(1,"'u' or '1=1'");
        preparedStatement.setObject(2,"'p' or '1=1'");
        //5、执行sql语句
        //preparedStatement.executeUpdate();
        ResultSet resultSet = preparedStatement.executeQuery();
        //6、处理结果集(查询才需要处理结果集)
        while(resultSet.next()){
            System.out.println(resultSet.getString(1)+":"+resultSet.getString(2));
        }
        //7、关闭资源
        resultSet.close();
        preparedStatement.close();
        connection.close();
    }

    private static void statementMethod()  throws ClassNotFoundException, SQLException {
        //1、注册驱动
        Class.forName("com.mysql.jdbc.Driver");
        //2、获取连接
        String url = "jdbc:mysql://localhost:3306/jdbc";
        String username = "root";
        String password = "123";
        Connection connection = DriverManager.getConnection(url, username, password);
        //3、获取Statement对象
        Statement statement = connection.createStatement();
        //4、执行sql
        //int i = statement.executeUpdate("insert into users(username) VALUES ('xiaozhou')");
        //演示sql注入
        Scanner scanner = new Scanner(System.in);
        System.out.println("请输入用户名");//输入'u' or '1=1'
        String un = scanner.nextLine();
        Scanner scanner1 = new Scanner(System.in);
        System.out.println("请输入密码");//输入'p' or '1=1'
        String pw = scanner1.nextLine();
        String sql = "select * from users where username="+un+" and password="+pw;
        System.out.println(sql);
        ResultSet resultSet = statement.executeQuery(sql);
        //5、处理结果集(查询才需要处理结果集)
       while(resultSet.next()){
           System.out.println(resultSet.getString(1)+":"+resultSet.getString(2));
       }
        //6、关闭资源
        resultSet.close();
        statement.close();
        connection.close();

    }
}