dao层
mapper接口
/**
 * Looks up a user row by its {@code username} column.
 * <p>
 * The mapped statement (the {@code <select>} below) builds the SQL with
 * {@code '${username}'}, which splices the argument into the statement text
 * verbatim; an argument containing a quote therefore changes the statement
 * that reaches the database (see the generated SQL listed on this page).
 * The parameter-binding form is {@code #{username}}, which sends the value
 * separately from the statement text.
 *
 * @param username value compared against the {@code username} column
 * @return the row selected by the generated statement
 */
User selectUserByNameInject(@Param("username") String username);
mapper
<!--
  Text-substitution demonstration: ${username} is pasted into the statement
  verbatim, quotes included, so the input can alter the statement itself
  (see the generated SQL listed below). The parameter-binding form is
  #{username}, which passes the value separately from the statement text.
-->
<select id="selectUserByNameInject" resultType="com.cskaoyan.bean.User">
select id,username,password,age from user where username = '${username}'
</select>
根据姓名查询记录
/**
 * Shows what the {@code '${username}'} mapping of
 * {@code selectUserByNameInject} does with an argument that contains a quote
 * and a second statement: the text is inserted into the SQL verbatim, so the
 * generated statement is no longer a plain lookup (the resulting SQL is listed
 * below on this page). Prints the row the mapper returns.
 */
@Test
void contextLoads2() {
    // Other inputs used in the same demonstration:
    //   "jhy 'and password = '123456"
    //   "'or 1=1 #"
    final String injectedName = "jhy';delete from user where 0 !=1 #";
    System.out.println(userMapper.selectUserByNameInject(injectedName));
}
生成的SQL语句
select id,username,password,age from user where username = ''or 1=1#'
select id,username,password,age from user where username = 'jhy';delete from user where 0 !=1 #'
数据库遭破坏