Sql:

        String sql = "from luser where username='" + username + "' and password='" + password + "'";
        List ul = getHibernateTemplate().find(sql);
       
Hql:
 
      String hql ="from luser where username=? and password=?" ;
      Object pra[]=  {username,password};
      List ul = getHibernateTemplate().find(hql, pra);