import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import org.junit.Test;
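/**
 * Demonstrates a login lookup that resists SQL injection: the user-supplied
 * values are bound as statement parameters instead of being concatenated into
 * the SQL text.
 *
 * @author Administrator
 */
public class TestLogin {

    /**
     * Runs {@link #login(String, String)} with sample credentials.
     */
    @Test
    public void testLogin() {
        try {
            login("root", "1234");
        } catch (ClassNotFoundException | SQLException e) {
            // Fail the test instead of printing the stack trace and passing:
            // a missing driver or an unreachable database must not look like success.
            throw new AssertionError("login check could not be executed", e);
        }
    }

    /**
     * Looks up a user by name and password and prints whether the login succeeded.
     *
     * @param username user name to look up; bound as a parameter, never spliced into the SQL
     * @param password password to compare; bound as a parameter, never spliced into the SQL
     * @throws ClassNotFoundException if the MySQL driver class is not on the classpath
     * @throws SQLException if connecting to the database or running the query fails
     */
    public void login(String username, String password) throws ClassNotFoundException, SQLException {
        // Register the driver: loads the MySQL class that implements java.sql.Driver into the JVM.
        Class.forName("com.mysql.jdbc.Driver");

        // Statement template. The two '?' placeholders are filled through setString below,
        // so quotes or SQL keywords inside the inputs stay data and cannot change the query.
        // NOTE(review): the query compares the supplied password directly with the upassword
        // column, which implies the column holds the password as given. A production schema
        // should store a salted password hash (bcrypt/scrypt/Argon2) and verify it in code.
        String sql = "select*from user where uname=? and upassword=?";

        // Connect to the "sql01" database on the local MySQL server.
        // NOTE(review): the root account, its literal password and useSSL=false are demo
        // settings for a local instance; real code should use a least-privilege account,
        // read the credentials from configuration, and keep TLS enabled.
        // try-with-resources closes the connection, statement and result set even when the
        // query throws (the original leaked all three on error and never closed the statement).
        try (Connection conn = DriverManager.getConnection(
                "jdbc:mysql://localhost:3306/sql01?useUnicode=true&characterEncoding=utf-8&useSSL=false",
                "root",
                "1234");
             PreparedStatement pstmt = conn.prepareStatement(sql)) {
            pstmt.setString(1, username);
            pstmt.setString(2, password);

            // Run the query; a returned row means the name/password pair matched.
            try (ResultSet rs = pstmt.executeQuery()) {
                if (rs.next()) {
                    System.out.println("恭喜您,"+username+"登录成功!");
                    // Prints only the template with its placeholders, not the bound values.
                    System.out.println(sql);
                } else {
                    System.out.println("登录错误");
                }
            }
        }
    }
}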
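// PreparedStatement (precompiled statement): the SQL is sent in two parts, the fixed statement template and the variable parameter values, so the variable part is always handled as data and never parsed as SQL. The example below targets Oracle.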
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Date;;
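/**
 * Inserts one row into the {@code member} table of an Oracle database through a
 * {@link PreparedStatement}, showing that a value containing a single quote is
 * stored safely when it is bound as a parameter.
 */
public class JdbcDemo {
    // NOTE(review): connection settings are hard-coded for the demo. Real code should
    // load the account and password from configuration or a secret store rather than
    // from public constants in source.
    public static final String DBDRIVER = "oracle.jdbc.driver.OracleDriver";
    public static final String DBURL = "jdbc:oracle:thin:@localhost:1521:orcl";
    public static final String DBUSER = "scott";
    public static final String DBPASSWORD = "tiger";

    /**
     * Connects to the database, inserts a single member row and prints the
     * number of affected rows.
     *
     * @param args unused
     * @throws Exception if the driver cannot be loaded or any JDBC call fails
     */
    public static void main(String[] args) throws Exception {
        // The embedded single quote would break a string-concatenated INSERT;
        // bound as a parameter it is just part of the value.
        String name = "Mr'k";
        int age = 18;
        Date birthday = new Date();

        // Load the JDBC driver class into the JVM.
        Class.forName(DBDRIVER);

        // myseq is the sequence that supplies the first column value.
        String sql = " INSERT INTO member VALUES(myseq.nextval,?,?,?,?)";

        // try-with-resources closes the statement and the connection on every path.
        // The unused Statement from createStatement() is gone: it was never closed.
        try (Connection conn = DriverManager.getConnection(DBURL, DBUSER, DBPASSWORD);
             PreparedStatement pstmt = conn.prepareStatement(sql)) {
            pstmt.setString(1, name);
            pstmt.setInt(2, age);
            pstmt.setDate(3, new java.sql.Date(birthday.getTime()));
            pstmt.setString(4, "note6");

            // Execute exactly once. The original called executeQuery() and then
            // executeUpdate() on the same INSERT, running the statement twice.
            System.out.println("更新数据据库行数:" + pstmt.executeUpdate());
        }
    }
}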