1. MySQL–SQL注入问题
1.1 什么是SQL注入问题
概念:
原理:
SQL 语句存在漏洞，可能被攻击者利用，导致数据泄露。==> 原因：用户输入被直接拼接进 SQL 字符串，因此可以注入 OR 等关键字，改变查询条件。
1.2 示例:
我们现在在 SQLyog 中执行下列语句：
SELECT * FROM `users` WHERE `NAME`="" OR 1=1 AND `PASSWORD`= "" OR 1=1;
结果:
我们发现所有的记录都被查询出来了：`OR 1=1` 恒为真，使 WHERE 子句失去了过滤作用。
1. 正常登录
package jdbc.lesson;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import jdbc.lesson.utils.JdbcUtils;
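// SQL injection problem -- parameterized (safe) version of the login query
public class SQLInjection {
    public static void main(String[] args) {
        login("周天天", "123456"); // normal login
    }

    /**
     * Login business logic: looks up the rows in `users` whose `NAME` and `PASSWORD`
     * equal the given values and prints them.
     *
     * <p>The query uses a {@link PreparedStatement} with {@code ?} placeholders, so the
     * username and password travel to the server as bound values and are never spliced
     * into the SQL text. Input containing quotes or keywords such as {@code OR} therefore
     * remains an ordinary string to compare against and cannot change the WHERE clause.
     *
     * @param username the login name to match against `NAME`
     * @param password the password to match against `PASSWORD`
     */
    public static void login(String username, String password) {
        Connection connection = null;
        PreparedStatement statement = null;
        ResultSet resultSet = null;
        try {
            connection = JdbcUtils.getConnection(); // obtain database connection
            // Placeholders instead of string concatenation: the driver handles quoting/escaping.
            // No trailing ';' -- JDBC sends a single statement and some drivers reject it.
            String sql = "SELECT * FROM `users` WHERE `NAME`=? AND `PASSWORD`=?";
            statement = connection.prepareStatement(sql);
            statement.setString(1, username);
            statement.setString(2, password);
            resultSet = statement.executeQuery();
            while (resultSet.next()) {
                System.out.println("name = " + resultSet.getObject("name"));
                // Tutorial output only: real code must never print, log or store plaintext passwords.
                System.out.println("password = " + resultSet.getObject("password"));
            }
        } catch (SQLException e) {
            // Tutorial code; production code would report through its logging framework
            // and must not echo driver error text back to the user.
            e.printStackTrace();
        } finally {
            // Project helper; PreparedStatement is a Statement, so the same release call applies
            // (presumably it closes all three -- verify against JdbcUtils).
            JdbcUtils.release(connection, statement, resultSet);
        }
    }
}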
运行结果:
2. 异常登录
package jdbc.lesson;
import jdbc.lesson.utils.JdbcUtils;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
// SQL injection problem: this listing is intentionally vulnerable to show what goes wrong.
// The query text is built by string concatenation, so the login arguments become part of the SQL.
// The fix is a PreparedStatement with ? placeholders and setString(), which keeps input as data.
public class SQLInjection {
    public static void main(String[] args) {
        login("'or ' 1=1", "'or' 1=1"); // abnormal login: crafted input, not a real user
    }

    /**
     * Login business logic (vulnerable demo): looks up rows in `users` by name and password
     * and prints them.
     *
     * <p>Because username and password are spliced directly into the SQL string, the quotes
     * in the arguments above close the string literals and the {@code or} parts become part of
     * the WHERE clause, so the condition is expected to hold for every row instead of none.
     *
     * @param username raw login name, concatenated into the query without escaping
     * @param password raw password, concatenated into the query without escaping
     */
    public static void login(String username, String password) {
        Connection connection = null;
        Statement statement = null;
        ResultSet resultSet = null;
        try {
            connection = JdbcUtils.getConnection(); // obtain database connection
            statement = connection.createStatement(); // obtain the SQL execution object
            //String sql = "SELECT * FROM `users` WHERE `NAME`=" + username + "AND `PASSWORD`=" + password;
            // VULNERABLE: user-controlled values are concatenated into the statement text.
            String sql = "SELECT * FROM `users` WHERE `NAME`='" + username + "' AND `PASSWORD`= '" + password + "';";
            resultSet = statement.executeQuery(sql);
            while (resultSet.next()) {
                System.out.println("name = " + resultSet.getObject("name"));
                // Printing passwords is for this demo only; real code must not log or store plaintext passwords.
                System.out.println("password = " + resultSet.getObject("password"));
            }
        } catch (SQLException e) {
            e.printStackTrace(); // tutorial code; production code would log instead
        } finally {
            // Project helper; presumably closes all three resources -- verify against JdbcUtils.
            JdbcUtils.release(connection, statement, resultSet);
        }
    }
}
结果: