1.新建一个工程
2.在工程下创建一个 lib 目录
3.把 MySQL 驱动的 jar 包复制进去(代码里加载的是 com.mysql.jdbc.Driver)
4.把这个 jar 包加入工程的编译依赖
右键这个 jar 包,然后找到 Add to library
package cn.tedu.test;
import java.sql.*;
import java.util.Scanner;
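/**
 * JDBC demo: connects to a local MySQL database and either dumps the USER table
 * ({@link #method()}) or performs an interactive login check ({@link #method2()}).
 *
 * Security notes for anyone reusing this code:
 * <ul>
 *   <li>The login query binds the user-supplied name and password as
 *       {@link PreparedStatement} parameters. Building the SQL text by string
 *       concatenation lets an input such as {@code jack'#} close the quote and
 *       comment out the password check (SQL injection).</li>
 *   <li>The query compares the PASSWORD column directly with the typed password,
 *       which implies the table stores passwords in clear text. A real login should
 *       verify a salted password hash (bcrypt/scrypt/argon2) instead.</li>
 *   <li>The database credentials are hard-coded root credentials; outside a local
 *       demo they should come from configuration and use a least-privilege account.</li>
 * </ul>
 */
public class TestJdbc5 {
    /** Demo entry point: runs the interactive login check. */
    public static void main(String[] args) throws Exception {
        method2();
    }

    /**
     * Interactive login check: reads a user name and password from stdin and
     * reports whether a matching row exists in the USER table.
     *
     * All JDBC resources are opened in try-with-resources so they are released
     * even when {@code executeQuery} throws.
     *
     * @throws Exception if the driver cannot be loaded or any JDBC call fails
     */
    private static void method2() throws Exception {
        Class.forName("com.mysql.jdbc.Driver");
        String url = "jdbc:mysql://localhost:3306/cgb2106?characterEncoding=utf8";
        // NOTE(review): hard-coded root credentials — acceptable only for a local demo.
        String user = "root";
        String root = "123456";

        // One Scanner for both prompts: a second Scanner on System.in can lose input
        // already buffered by the first one.
        Scanner in = new Scanner(System.in);
        System.out.println("请输入用户名");
        String a = in.nextLine();
        System.out.println("请输入密码");
        String b = in.nextLine();

        // The two values are untrusted. They are bound as parameters, never
        // concatenated into the statement text, so quotes or '#' in the input
        // are treated as data rather than as SQL.
        String sql = "SELECT * FROM USER WHERE NAME = ? AND PASSWORD = ?";
        try (Connection connection = DriverManager.getConnection(url, user, root);
             PreparedStatement statement = connection.prepareStatement(sql)) {
            statement.setString(1, a);
            statement.setString(2, b);
            try (ResultSet resultSet = statement.executeQuery()) {
                if (resultSet.next()) {
                    System.out.println("登录成功");
                } else {
                    System.out.println("失败");
                }
            }
        }
    }

    /**
     * Prints the first three columns of every row in the USER table, one row per line.
     *
     * NOTE(review): if the third column is the password column, this dumps
     * credentials to stdout — keep it to local debugging.
     *
     * @throws Exception if the driver cannot be loaded or any JDBC call fails
     */
    private static void method() throws Exception {
        Class.forName("com.mysql.jdbc.Driver");
        String url = "jdbc:mysql://localhost:3306/cgb2106?characterEncoding=utf8";
        // NOTE(review): hard-coded root credentials — acceptable only for a local demo.
        String user = "root";
        String root = "123456";
        // No user input reaches this statement, so a plain Statement is safe here;
        // try-with-resources closes ResultSet, Statement and Connection in reverse order.
        try (Connection connection = DriverManager.getConnection(url, user, root);
             Statement statement = connection.createStatement();
             ResultSet resultSet = statement.executeQuery("SELECT * FROM USER")) {
            while (resultSet.next()) {
                String a = resultSet.getString(1);
                String b = resultSet.getString(2);
                String c = resultSet.getString(3);
                System.out.println(a + b + c);
            }
        }
    }
}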
上面用字符串拼接 SQL 的 method2 有一个 SQL 注入漏洞:用户名输入 jack'# 时,单引号会提前闭合字符串,# 把后面的 AND PASSWORD = '...' 注释掉,于是不输入正确密码也能登录成功。接下来进行改造。
把传输器 Statement(拼接 SQL,不安全且低效)改为 PreparedStatement(预编译 SQL 骨架,用 ? 占位,参数单独传入)
修改后
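/**
 * Interactive login check using a {@link PreparedStatement}: reads a user name and
 * password from stdin and reports whether a matching row exists in the USER table.
 *
 * The untrusted inputs are bound as parameters of a pre-compiled SQL skeleton
 * ({@code ?} placeholders), so input such as {@code jack'#} cannot alter the
 * statement. All JDBC resources are opened in try-with-resources so they are
 * released even when {@code executeQuery} throws.
 *
 * NOTE(review): the query compares PASSWORD with the typed password directly, which
 * implies clear-text passwords in the table; a real login should verify a salted hash.
 *
 * @throws Exception if the driver cannot be loaded or any JDBC call fails
 */
private static void method2() throws Exception {
    Class.forName("com.mysql.jdbc.Driver");
    String url = "jdbc:mysql://localhost:3306/cgb2106?characterEncoding=utf8";
    // NOTE(review): hard-coded root credentials — acceptable only for a local demo.
    String user = "root";
    String root = "123456";

    // One Scanner for both prompts: a second Scanner on System.in can lose input
    // already buffered by the first one.
    Scanner in = new Scanner(System.in);
    System.out.println("请输入用户名");
    String a = in.nextLine();
    System.out.println("请输入密码");
    String b = in.nextLine();

    // SQL skeleton with placeholders; the values are supplied separately below.
    String sql = "select * from user where name=? and password=?";
    try (Connection connection = DriverManager.getConnection(url, user, root);
         PreparedStatement preparedStatement = connection.prepareStatement(sql)) {
        preparedStatement.setString(1, a); // first ? <- user name
        preparedStatement.setString(2, b); // second ? <- password
        try (ResultSet resultSet = preparedStatement.executeQuery()) {
            if (resultSet.next()) {
                System.out.println("登录成功");
            } else {
                System.out.println("失败");
            }
        }
    }
}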