在java中有关sql注入的问题

package web;import java.io.IOException;import java.sql.Connection;import java.sql.ResultSet;import java.sql.Statement;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import util.DBUtil;public class LoginServlet extends HttpServlet{ public void service(HttpServletRequest req,HttpServletResponse res)throws ServletException,IOException{  Connection conn =null; try{conn = DBUtil.getConnection();Statement stat = conn.createStatement();String username = req.getParameter("username");String pwd =req.getParameter("pwd");//System.out.println("pwd的值:"+pwd);//将pwd的值定义为:ddd' or '1'='1 就可以注入sql语句了。//select * from t_u where username='zs' and pwd='ddd' or '1'='1' String sql="select * from t_u where username='"+username+"' and pwd='"+pwd+"'";//SQL注入--因为sql注入的问题，在java中尽量避免使用Statement来创建sql语句封装对象//String sql="select * from t_u where username='"+username+"' and pwd='"+pwd+"' or 1 = 1";System.out.println(sql);ResultSet rst= stat.executeQuery(sql);if(rst.next()){System.out.println("success"); }else{System.out.println("fail");      }}catch(Exception e){e.printStackTrace();throw new ServletException(e);}}}