import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
/**
*
*/
/**
* @author john
*
*/
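public class Demo {
    // Side-by-side demonstration of SQL injection against an Oracle database over JDBC:
    //   login()  builds the query by string concatenation and is INTENTIONALLY VULNERABLE.
    //   login2() uses a PreparedStatement with bind parameters and is the safe pattern.
    // main() sends the same tautology-style input to both so the difference is visible.

    // Connection settings are hard-coded for the demo only. In real code, load them from
    // configuration or a secret store and connect with a least-privilege account.
    private static final String DRIVER_CLASS_NAME = "oracle.jdbc.driver.OracleDriver";
    private static final String URL = "jdbc:oracle:thin:@103.44.145.243:55090:oracle";
    private static final String DB_USERNAME = "";
    private static final String DB_PASSWORD = "";

    /**
     * Loads the JDBC driver class and opens a new connection to the demo database.
     * The caller owns the returned connection and must close it.
     *
     * @return a freshly opened connection
     * @throws ClassNotFoundException if the Oracle driver class is not on the classpath
     * @throws SQLException if the connection cannot be established
     */
    private static Connection openConnection() throws ClassNotFoundException, SQLException {
        // Load the driver class explicitly, as the original demo did.
        Class.forName(DRIVER_CLASS_NAME);
        return DriverManager.getConnection(URL, DB_USERNAME, DB_PASSWORD);
    }

    /**
     * INTENTIONALLY VULNERABLE counter-example; do not copy into real code.
     *
     * <p>The user name and password are concatenated straight into the SQL text, so any
     * quote character in the input changes the structure of the statement instead of being
     * treated as data. The WHERE clause can therefore be made true for every row, and the
     * method then reports a successful login without valid credentials. Use
     * {@link #login2(String, String)} instead.
     *
     * @param Username user name supplied by the caller (untrusted)
     * @param Password password supplied by the caller (untrusted)
     * @return {@code true} if the query returns at least one row
     * @throws Exception if the driver cannot be loaded or the query fails
     */
    public static boolean login(String Username, String Password) throws Exception {
        // Vulnerable on purpose: untrusted input becomes part of the SQL text.
        String sql = "select * from MYUSER where USERNAME ='" + Username + "' and PASSWORD = '" + Password + "'";
        // try-with-resources closes the result set, statement and connection on every
        // path; the original leaked all three on each call.
        try (Connection con = openConnection();
                Statement stmt = con.createStatement();
                ResultSet rs = stmt.executeQuery(sql)) {
            return rs.next();
        }
    }

    /**
     * Checks the credentials with a parameterized query.
     *
     * <p>The SQL template is fixed and the two values are sent as bind parameters, so the
     * input is always handled as data and cannot alter the statement.
     *
     * <p>NOTE(review): the query compares PASSWORD with the supplied value directly, which
     * suggests MYUSER stores passwords unhashed. That is presumably acceptable only for this
     * demo; a real schema would store a salted password hash (bcrypt/scrypt/argon2) and
     * verify it in application code.
     *
     * @param Username user name supplied by the caller (untrusted)
     * @param Password password supplied by the caller (untrusted)
     * @return {@code true} if a row matches both values exactly
     * @throws Exception if the driver cannot be loaded or the query fails
     */
    public static boolean login2(String Username, String Password) throws Exception {
        // SQL template with two placeholders. A space was added before "and" so the first
        // placeholder is clearly separated from the keyword.
        String sql = "select * from MYUSER where USERNAME = ? and PASSWORD = ?";
        try (Connection con = openConnection();
                PreparedStatement psmt = con.prepareStatement(sql)) {
            // Bind the values to the placeholders (1-based index).
            psmt.setString(1, Username);
            psmt.setString(2, Password);
            try (ResultSet rs = psmt.executeQuery()) {
                return rs.next();
            }
        }
    }

    /**
     * Sends the same tautology-style input to both implementations and prints each result.
     * Assuming no stored user literally has this string as name and password, login2 should
     * print {@code false}; login prints {@code true} whenever MYUSER contains any row.
     *
     * @param args unused
     * @throws Exception if either database call fails
     */
    public static void main(String[] args) throws Exception {
        boolean bool2 = login2("a' or 'a' = 'a", "a' or 'a' = 'a");
        System.out.println(bool2);
        boolean bool = login("a' or 'a' = 'a", "a' or 'a' = 'a");
        System.out.println(bool);
    }
}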
Oracle Jdbc 防sql注入