先在代码连接的库中建一个表
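-- Demo table for the prepared-statement / SQL-injection walkthrough below.
-- id is a surrogate key; user_name and password are NOT NULL so the login
-- lookup (user_name = ? and password = ?) never has to reason about NULL rows.
-- NOTE: password is stored as plaintext only because the demo compares it
-- literally; a real schema would hold a salted hash, not the secret itself.
create table if not exists test_for_prepare
(
id int primary key auto_increment,
user_name varchar(10) not null,
password varchar(32) not null
);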
-- Two seed accounts used by the login lookup and by the injection test below.
insert into test_for_prepare
    (user_name, password)
values
    ('马大帅', '1234'),
    ('范德彪', '5678');
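-- List every seeded row. The explicit column list avoids silent breakage when
-- the schema changes, and ORDER BY makes the output deterministic.
select id, user_name, password
from test_for_prepare
order by id;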
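-- Login lookup on a literal credential pair. This is the statement the Java
-- test below rebuilds by string concatenation; with bound parameters the
-- quotes inside an input remain data rather than becoming part of the WHERE.
select id, user_name, password
from test_for_prepare
where user_name = '马大帅'
  and password = '1234';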
作用一,防SQL注入攻击
测试代码
@Test
public void testSqlInject() throws Exception {
String url = "jdbc:mysql:///my_temp?useSSL=false";
String uName = "root" ;
String pWord = "1234" ;
Connection con = DriverManager.getConnection(url,uName,pWord);
// String name = "马大帅";
// String pwd = "1234";
String name = "Not_exist";
String pwd = "' or '1' = '1";
String sql_st = "select * from test_for_prepare where user_name = '"+name+"' and password = '"+pwd+"'";
/**
* 用DQL语句模拟登录,当输入的名字和密