如何防止sql注入我使用下面的代码登录
con = DriverManager.getConnection("", "", "");
Statement statement = con.createStatement();
ResultSet rs= statement.executeQuery("SELECT email,pass FROM db_pass where email='" + email + "'and pass='" + password + "'" );
if (rs.next()) {
String a=rs.getString(1);
String b=rs.getString(2);
rs.close();
它工作正常但是当它放入(nitin'OR'1'='1)时,用户无需输入有效密码即可访问