Spring framework with standard JDBC in java

I have a question and I hope you answer it please.

I want to use Spring framework with Standard jdbc like开发者_如何学C this

"SELECT usernmae FROM users WHERE username='" + usename + '"

Is it possible to do that I donot want to use prepared statement. It is just sample query.

JDBC is no more or less vulnerable to SQL injection than any other SQL connection mechanism. Vulnerability to SQL injection falls on the hands of the people who write the code. JDBC templates provide a way to manage the connection with the database not necessarily protect you from SQL injection. You are still more than capable of writing crappy code with a JDBC template that is vulnerable to SQL injection.

Edit To address the update to your question. You can do that, there is a simple query method in the JDBC template, but doing so would make you vulnerable to SQL injection. The simple answer: always use prepared statements. The only time you can safely avoid using them is if you are not including any input in the query that can from the user. However, you are far better just using a prepared statement even in those cases on the off chance that your assumption is incorrect or it changes down the road. Always, always, always use prepared statements. There is also some performance benefits to using them as the SQL engine can cache the compiled statement for later use, rather than having to recompile the SQL statement each time.