How to use handwritten JDBC?

package cn.zxj.jdbc;

import java.sql.*;
import java.util.Scanner;

public class JdbcDemo {

    public static void main(String[] args) throws ClassNotFoundException, SQLException {
        statementMethod();// Yes sql Injection risk
        preparedStatementMethod();// Can prevent sql Inject

    }

    private static void preparedStatementMethod()  throws ClassNotFoundException, SQLException {
        //1、 Registration drive
        Class.forName("com.mysql.jdbc.Driver");
        //2、 Get the connection
        String url = "jdbc:mysql://localhost:3306/jdbc";
        String username = "root";
        String password = "123";
        Connection connection = DriverManager.getConnection(url, username, password);
        //3、 Get preprocessing object
        //String sql = "insert into users(username) values(?)";
        String sql = "select * from users where username = ? and password = ?";
        PreparedStatement preparedStatement = connection.prepareStatement(sql);
        //4、sql Statement placeholder to set actual parameters
        //preparedStatement.setObject(1,"wang");
        //sql Injection test
        preparedStatement.setObject(1,"'u' or '1=1'");
        preparedStatement.setObject(2,"'p' or '1=1'");
        //5、 perform sql sentence
        //preparedStatement.executeUpdate();
        ResultSet resultSet = preparedStatement.executeQuery();
        //6、 Processing result set ( Only queries need to process the result set )
        while(resultSet.next()){
            System.out.println(resultSet.getString(1)+":"+resultSet.getString(2));
        }
        //7、 close resource
        resultSet.close();
        preparedStatement.close();
        connection.close();
    }

    private static void statementMethod()  throws ClassNotFoundException, SQLException {
        //1、 Registration drive
        Class.forName("com.mysql.jdbc.Driver");
        //2、 Get the connection
        String url = "jdbc:mysql://localhost:3306/jdbc";
        String username = "root";
        String password = "123";
        Connection connection = DriverManager.getConnection(url, username, password);
        //3、 obtain Statement object
        Statement statement = connection.createStatement();
        //4、 perform sql
        //int i = statement.executeUpdate("insert into users(username) VALUES ('xiaozhou')");
        // demonstration sql Inject
        Scanner scanner = new Scanner(System.in);
        System.out.println(" Please enter a user name ");// Input 'u' or '1=1'
        String un = scanner.nextLine();
        Scanner scanner1 = new Scanner(System.in);
        System.out.println(" Please input a password ");// Input 'p' or '1=1'
        String pw = scanner1.nextLine();
        String sql = "select * from users where username="+un+" and password="+pw;
        System.out.println(sql);
        ResultSet resultSet = statement.executeQuery(sql);
        //5、 Processing result set ( Only queries need to process the result set )
       while(resultSet.next()){
           System.out.println(resultSet.getString(1)+":"+resultSet.getString(2));
       }
        //6、 close resource
        resultSet.close();
        statement.close();
        connection.close();

    }
}