没看懂你想做什么。另外不要在代码中出现中文拼音的变量名，比如**xuehao**，也不要出现奇怪的单词缩写，比如**doPstm**。
用JDBC的PreparedStatement填充参数
package com.test.jdbc;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
/**
 * Demonstrates a parameterized JDBC query: the caller-supplied value is bound
 * with {@link PreparedStatement#setString} instead of being concatenated into
 * the SQL text, so the driver handles it as data rather than as query syntax.
 */
public class SqlInner {

    /** Query text; the {@code ?} placeholder is filled in by the driver at execution time. */
    private static final String SELECT_BY_LASTNAME = "select * from users where lastname = ?";

    /**
     * Entry point. Runs the lookup with an input that contains quote characters;
     * because the value is bound as a parameter it is matched as a literal
     * lastname rather than altering the query.
     */
    public static void main(String[] args) {
        Read("' or 1 or'");
    }

    /**
     * Prints every row of {@code users} whose lastname equals {@code name}.
     * SQL errors are printed to stderr; the connection, statement and result
     * set are always released through {@code DBUtils.free}.
     *
     * @param name lastname to match; bound to the placeholder, never spliced into the SQL
     */
    public static void Read(String name) {
        Connection connection = null;
        PreparedStatement statement = null;
        ResultSet rows = null;
        try {
            connection = DBUtils.getConnection();
            statement = connection.prepareStatement(SELECT_BY_LASTNAME);
            // Bind the value to the single "?" placeholder.
            statement.setString(1, name);
            rows = statement.executeQuery();
            System.out.println("age\tlastname\tfirstname\tid");
            while (rows.next()) {
                System.out.println(formatRow(rows));
            }
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            DBUtils.free(rows, statement, connection);
        }
    }

    /**
     * Renders the current row as one tab-separated line.
     * Columns are read by position; this assumes the table's column order is
     * (age, lastname, firstname, id) so that it lines up with the printed
     * header — confirm against the actual schema.
     */
    private static String formatRow(ResultSet rows) throws SQLException {
        StringBuilder line = new StringBuilder();
        line.append(rows.getInt(1)).append("\t")
            .append(rows.getString(2)).append("\t\t")
            .append(rows.getString(3)).append("\t\t")
            .append(rows.getString(4));
        return line.toString();
    }
}