sql注入攻击问题

注：此博客不再更新，所有最新文章将发表在个人独立博客limengting.site。分享技术，记录生活，欢迎大家关注

使用login登录成功，即sql攻击：

因为组合在一起的sql语句是：

SELECT * FROM user WHERE username='a' or 'a'='a' and password='a' or 'a'='a'

使用login1函数失败：

package sunnietest;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

import org.junit.Test;

/**
 * 测试sql注入问题
 *
 */
public class TestLogin {

    @Test
    public void testLogin() {
        try {
            login("a' or 'a'='a", "a' or 'a'='a");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * 用户登录方法
     *
     * @param username
     * @param password
     * @throws ClassNotFoundException
     * @throws SQLException
     */
    public void login(String username, String password) throws SQLException {
        // 1.注册驱动
        //Class.forName("com.mysql.jdbc.Driver");
        // 2.获取连接
        Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/sunnie?useUnicode=true&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=UTC&useSSL=true", "root", "wangji1997");
        // 3.创建执行sql语句的对象
        Statement stmt = conn.createStatement();
        // 4.书写一个sql语句
        String sql = "select * from user where " + "name='" + username + "' and password='" + password + "'";
        // 5.执行sql语句
        ResultSet rs = stmt.executeQuery(sql);
        // 6.对结果集进行处理
        if (rs.next()) {
            System.out.println("恭喜您，" + username + ",登录成功!");
            System.out.println(sql);
        } else {
            System.out.println("账号或密码错误!");
        }
        if (rs != null)
            rs.close();
        if (stmt != null)
            stmt.close();
        if (conn != null)
            conn.close();
    }

    public void login1(String username, String password) throws SQLException {
        // 1.注册驱动
        //Class.forName("com.mysql.jdbc.Driver");
        // 2.获取连接
        Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/sunnie?useUnicode=true&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=UTC&useSSL=true", "root", "wangji1997");
        // 3.编写sql语句
        String sql = "select * from user where name=? and password=?";
        // 4.创建预处理对象
        PreparedStatement pstmt = conn.prepareStatement(sql);
        // 5.设置参数(给占位符)
        pstmt.setString(1, username);
        pstmt.setString(2, password);
        // 6.执行查询操作
        ResultSet rs = pstmt.executeQuery();
        // 7.对结果集进行处理
        if (rs.next()) {
            System.out.println("恭喜您，" + username + ",登录成功!");
            System.out.println(sql);
        } else {
            System.out.println("账号或密码错误!");
        }
        if (rs != null)
            rs.close();
        if (pstmt != null)
            pstmt.close();
        if (conn != null)
            conn.close();
    }
}