CREATE TABLE users(
id INT PRIMARY KEY AUTO_INCREMENT,
username VARCHAR(100),
PASSWORD VARCHAR(100)
);
INSERT INTO users(username,PASSWORD) VALUES('a','1'),('b','2');
SELECT * FROM users;
SELECT * FROM users WHERE username='abc' AND PASSWORD='999' OR 1=1
package com.dxm;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import com.sun.java_cup.internal.runtime.Scanner;
public class JDBCDemo2 {
public static void main(String[] args) throws ClassNotFoundException, SQLException {
// TODO Auto-generated method stub
Class.forName("com.mysql.jdbc.Driver");
String url = "jdbc:mysql://localhost:3306/mybase";
String user="root";
String password="1234";
Connection connection = DriverManager.getConnection(url, user, password);
Statement statement = connection.createStatement();
java.util.Scanner scanner = new java.util.Scanner(System.in);
System.out.println("Please Input username");
String name = scanner.next(); //aaa
System.out.println("Please Input password");
String pass = scanner.next();//bbb'OR'1=1
String sql="SELECT * FROM users WHERE username='"+name+"'"+" AND PASSWORD='"+pass+"'";
System.out.println(sql);
ResultSet resultSet = statement.executeQuery(sql);
System.out.println("username password");
while (resultSet.next()) {
System.out.println(resultSet.getString("username")+" "+resultSet.getString("password"));
}
resultSet.close();
statement.close();
connection.close();
}
}