定义
所谓SQL注入，就是把含有SQL语句的参数插入到所需要执行的SQL语句中，最终达到欺骗数据库服务器执行恶意SQL命令的目的。
如何实现SQL注入
public class SqlinjectTest {
/*
体现sql注入
*/
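/**
 * Demonstrates SQL injection on purpose: {@code username} and {@code userage} are
 * concatenated straight into the query text, so a value containing a quote changes the
 * meaning of the statement. This is the teaching example of the defect; the parameterized
 * version is {@code noSqlInject}.
 *
 * @param username value spliced verbatim into the WHERE clause (untrusted input)
 * @param userage  age spliced into the WHERE clause (quoted as a string, as in the original query)
 * @throws SQLException if the driver cannot be loaded, the connection fails, or the query fails
 */
public void sqlInject(String username, int userage) throws SQLException {
    // Hard-coded credentials are tolerable only in a throwaway demo; real code reads them
    // from configuration or a secret store.
    String url = "jdbc:mysql://localhost:3306/bjsxt?useSSL=true&verifyServerCertificate=false";
    String user = "root";
    String password = "123456";
    try {
        Class.forName("com.mysql.jdbc.Driver");
    } catch (ClassNotFoundException e) {
        // Report the failure to the caller instead of printing it and then hitting an NPE
        // on a null connection in finally, which is what the original did.
        throw new SQLException("JDBC driver not found: com.mysql.jdbc.Driver", e);
    }
    // String-built SQL, kept deliberately to show the defect that noSqlInject fixes.
    String sql = "SELECT * FROM users where username='" + username + "' and userage='" + userage + "'";
    // try-with-resources closes ResultSet, Statement and Connection in reverse order even on
    // failure; the original closed the connection before the statement and never closed the ResultSet.
    try (Connection connection = DriverManager.getConnection(url, user, password);
         Statement statement = connection.createStatement();
         ResultSet resultSet = statement.executeQuery(sql)) {
        while (resultSet.next()) {
            int userid = resultSet.getInt("userid");
            String name = resultSet.getString("username");
            int age = resultSet.getInt("userage");
            System.out.println(userid + " " + name + " " + age);
        }
    }
}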
解决SQL注入问题
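/**
 * Runs the same lookup safely: the query text is fixed and the caller-supplied values are
 * bound as parameters of a {@link PreparedStatement}, so they are always treated as data and
 * can never alter the statement.
 *
 * @param usrname username to match (bound as a string parameter)
 * @param userage age to match (bound as an int parameter)
 * @throws SQLException if the driver cannot be loaded, the connection fails, or the query fails
 */
public void noSqlInject(String usrname, int userage) throws SQLException {
    // Hard-coded credentials are tolerable only in a throwaway demo; real code reads them
    // from configuration or a secret store.
    String url = "jdbc:mysql://localhost:3306/bjsxt?useSSL=true&verifyServerCertificate=false";
    String user = "root";
    String password = "123456";
    try {
        Class.forName("com.mysql.jdbc.Driver");
    } catch (ClassNotFoundException e) {
        // Propagate instead of swallowing; the original printed the trace and then hit an NPE
        // on the null PreparedStatement in finally.
        throw new SQLException("JDBC driver not found: com.mysql.jdbc.Driver", e);
    }
    // try-with-resources guarantees ResultSet, PreparedStatement and Connection are closed
    // in reverse order on every path; the original never closed the ResultSet.
    try (Connection connection = DriverManager.getConnection(url, user, password);
         PreparedStatement ps = connection.prepareStatement(
                 "select * from users where username=? and userage=?")) {
        // Bind the parameters: the driver escapes/encodes them, so no quoting is needed here.
        ps.setString(1, usrname);
        ps.setInt(2, userage);
        try (ResultSet resultSet = ps.executeQuery()) {
            while (resultSet.next()) {
                int userid = resultSet.getInt("userid");
                String name = resultSet.getString("username");
                int age = resultSet.getInt("userage");
                System.out.println(userid + " " + name + " " + age);
            }
        }
    }
}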
测试代码
/**
 * Entry point of the demo: runs the parameterized lookup with an input that contains a
 * quote and a comment marker, to show that it is handled as plain data.
 *
 * @param args unused
 * @throws SQLException if the database cannot be reached or the query fails
 */
public static void main(String[] args) throws SQLException {
    SqlinjectTest demo = new SqlinjectTest();
    // The vulnerable variant is left disabled; enable it to see the same input alter the query.
    // demo.sqlInject("一只猫' or 1=1 -- ",28);
    demo.noSqlInject("一只猫' or 1=1 -- ", 28);
}
总结
package YYu;
import java.sql.*;
/*
Sql注入测试类
*/
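/**
 * Side-by-side demonstration of a SQL injection defect ({@link #sqlInject}) and its fix
 * with a {@link PreparedStatement} ({@link #noSqlInject}).
 */
public class SqlinjectTest {

    // Connection settings shared by both variants. Hard-coded credentials are tolerable only
    // in a throwaway demo; real code reads them from configuration or a secret store.
    private static final String DRIVER = "com.mysql.jdbc.Driver";
    private static final String URL =
            "jdbc:mysql://localhost:3306/bjsxt?useSSL=true&verifyServerCertificate=false";
    private static final String USER = "root";
    private static final String PASSWORD = "123456";

    /**
     * Loads the JDBC driver and opens a connection; the caller owns and closes it.
     *
     * @return an open connection to the demo database
     * @throws SQLException if the driver class is missing or the connection cannot be established
     */
    private static Connection openConnection() throws SQLException {
        try {
            Class.forName(DRIVER);
        } catch (ClassNotFoundException e) {
            // Report the failure to the caller instead of printing it and then hitting an NPE
            // on a null connection in finally, which is what the original did.
            throw new SQLException("JDBC driver not found: " + DRIVER, e);
        }
        return DriverManager.getConnection(URL, USER, PASSWORD);
    }

    /**
     * Prints every row of the result set as "userid username userage".
     *
     * @param resultSet an open result set positioned before its first row
     * @throws SQLException if a column cannot be read
     */
    private static void printRows(ResultSet resultSet) throws SQLException {
        while (resultSet.next()) {
            int userid = resultSet.getInt("userid");
            String name = resultSet.getString("username");
            int age = resultSet.getInt("userage");
            System.out.println(userid + " " + name + " " + age);
        }
    }

    /**
     * Demonstrates SQL injection on purpose: {@code username} and {@code userage} are
     * concatenated straight into the query text, so a value containing a quote changes the
     * meaning of the statement. This is the teaching example of the defect; the parameterized
     * version is {@link #noSqlInject(String, int)}.
     *
     * @param username value spliced verbatim into the WHERE clause (untrusted input)
     * @param userage  age spliced into the WHERE clause (quoted as a string, as in the original query)
     * @throws SQLException if the driver cannot be loaded, the connection fails, or the query fails
     */
    public void sqlInject(String username, int userage) throws SQLException {
        // String-built SQL, kept deliberately to show the defect that noSqlInject fixes.
        String sql = "SELECT * FROM users where username='" + username + "' and userage='" + userage + "'";
        // try-with-resources closes ResultSet, Statement and Connection in reverse order even on
        // failure; the original closed the connection before the statement and never closed the ResultSet.
        try (Connection connection = openConnection();
             Statement statement = connection.createStatement();
             ResultSet resultSet = statement.executeQuery(sql)) {
            printRows(resultSet);
        }
    }

    /**
     * Runs the same lookup safely: the query text is fixed and the caller-supplied values are
     * bound as parameters of a {@link PreparedStatement}, so they are always treated as data and
     * can never alter the statement.
     *
     * @param usrname username to match (bound as a string parameter)
     * @param userage age to match (bound as an int parameter)
     * @throws SQLException if the driver cannot be loaded, the connection fails, or the query fails
     */
    public void noSqlInject(String usrname, int userage) throws SQLException {
        try (Connection connection = openConnection();
             PreparedStatement ps = connection.prepareStatement(
                     "select * from users where username=? and userage=?")) {
            // Bind the parameters: the driver escapes/encodes them, so no quoting is needed here.
            ps.setString(1, usrname);
            ps.setInt(2, userage);
            try (ResultSet resultSet = ps.executeQuery()) {
                printRows(resultSet);
            }
        }
    }

    /**
     * Entry point of the demo: runs the parameterized lookup with an input that contains a
     * quote and a comment marker, to show that it is handled as plain data.
     *
     * @param args unused
     * @throws SQLException if the database cannot be reached or the query fails
     */
    public static void main(String[] args) throws SQLException {
        SqlinjectTest sqlinjectTest = new SqlinjectTest();
        // The vulnerable variant is left disabled; enable it to see the same input alter the query.
        // sqlinjectTest.sqlInject("一只猫' or 1=1 -- ",28);
        sqlinjectTest.noSqlInject("一只猫' or 1=1 -- ", 28);
    }
}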