最近学习数据库,看了一下注入式攻击登录,来分享一下,供感兴趣的朋友参考:
代码如下:
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Scanner;
public class JBDCDemo1 {
/**
* @param gaochao
* @throws SQLException
*/
public static void main(String[] args) throws SQLException {
String url="jdbc:mysql://localhost:3306/mybase1";
String username="root";
String password="123";
java.sql.Connection con= DriverManager.getConnection(url, username, password);
Statement stat= con.createStatement();//拿到执行者对象
Scanner sc=new Scanner(System.in);
String user=sc.nextLine();
String pass=sc.nextLine();
/*int row= stat.executeUpdate("INSERT INTO zhangwu(id,name,money) VALUES (11,'喝酒支出',1000)");
System.out.println(row);*///获得执行语句
String sql="select *from users where username='"+user+"'and PASSWORD='"+pass +"'";
System.out.println(sql);
ResultSet rs=stat.executeQuery(sql) ;
while(rs.next()){
System.out.println(rs.getString("username")+" "+rs.getString("PASSWORD"));
}
rs.close();
stat.close();
con.close();
}
}