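/**
 * Demonstrates that a parameterized query treats a classic SQL-injection
 * payload as plain data: the login lookup is run with the password
 * {@code ' or ' 1'='1} bound through {@link PreparedStatement#setString},
 * and the outcome is printed.
 *
 * <p>The connection, statement and result set are opened in
 * try-with-resources so they are closed even when the query throws.
 *
 * @throws Exception if the connection cannot be opened or the query fails
 */
@Test
public void testPreparedStatement2() throws Exception {
    // Explicit driver registration (Class.forName("com.mysql.jdbc.Driver")) stays
    // left out, as in the original; JDBC 4 drivers are discovered from the classpath.

    // Connection settings for a local demo database.
    // useServerPrepStmts=true asks MySQL Connector/J to prepare the statement on the
    // server, so the SQL text and the parameter values travel separately.
    // NOTE(review): useSSL=false sends credentials and rows unencrypted; tolerable
    // only because the target is the loopback address.
    String url="jdbc:mysql://127.0.0.1:3306/dbtest1?useSSL=false&useServerPrepStmts=true";
    // NOTE(review): hard-coded root account with a weak password is demo-only.
    // Real code should read credentials from configuration and connect with a
    // least-privilege account.
    String username="root";
    String password="123456";

    // Simulated user input: a valid-looking name and an injection payload as password.
    String name="zhangsan";
    String pwd="' or ' 1'='1";

    // The two ? placeholders keep user input out of the SQL text entirely.
    // NOTE(review): comparing the password column directly suggests plaintext
    // password storage; production systems should store a salted password hash
    // (bcrypt/scrypt/argon2) and verify it in application code.
    String sql="select * from tb_user where name=? and password=?";

    try (Connection conn = DriverManager.getConnection(url, username, password);
         PreparedStatement preparedStatement = conn.prepareStatement(sql)) {
        // Bind the values; the driver passes them as data, never as SQL syntax.
        preparedStatement.setString(1, name);
        preparedStatement.setString(2, pwd);

        try (ResultSet rs = preparedStatement.executeQuery()) {
            // A row only comes back if a user literally has this name and password,
            // so with the payload above the expected output is the failure message.
            // NOTE(review): the test only prints; an assertion on rs.next() would
            // make a regression to string-built SQL fail the build.
            if (rs.next()) {
                System.out.println("登录成功~");
            } else {
                System.out.println("登录失败~");
            }
        }
    }
}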
预防SQL注入
于 2022-04-11 14:04:23 首次发布