SQL注入问题

最新推荐文章于 2024-06-03 16:08:12 发布

shmiluam

最新推荐文章于 2024-06-03 16:08:12 发布

阅读量93

点赞数

分类专栏： mybatis插件文章标签： mysql sql

本文链接：https://blog.csdn.net/JHY1019/article/details/117857048

版权

mybatis插件专栏收录该内容

1 篇文章 0 订阅

订阅专栏

dao层

mapper接口

 User selectUserByNameInject(@Param("username") String username);

mapper

<select id="selectUserByNameInject" resultType="com.cskaoyan.bean.User">
        select id,username,password,age from user where username = '${username}'
</select>

根据姓名查询记录

 @Test
    void contextLoads2() {
        //String username = "jhy 'and password = '123456";
        String username = "jhy';delete from user where 0 !=1 #";
        // String username = "'or 1=1 #";
        User user = userMapper.selectUserByNameInject(username);
        System.out.println(user);
    }

生成的SQL语句


select id,username,password,age from user where username = ''or 1=1#'


select id,username,password,age from user where username = 'jhy';delete from user where 0 !=1 #'

数据库遭破坏