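/**
 * Console login demo: reads a user name and password from standard input and checks them
 * against the {@code t_user} table over JDBC.
 *
 * <p><strong>Deliberately vulnerable teaching example.</strong> {@code login} builds its query
 * by string concatenation, so it is open to SQL injection. It is kept in that form only to
 * illustrate the flaw; production code must bind the values through a
 * {@code PreparedStatement} with {@code ?} placeholders instead.
 */
public class JDBCTEST {

    /** Prompts for credentials, attempts the login and prints the outcome. */
    public static void main(String[] args) {
        Map<String, String> userLoginInfo = initUI();
        boolean loginSuccess = login(userLoginInfo);
        System.out.println(loginSuccess ? "登录成功" : "登录失败");
    }

    /**
     * Looks for a {@code t_user} row matching the submitted user name and password.
     *
     * @param userLoginInfo map holding the console input under the keys {@code "username"}
     *     and {@code "password"}, as produced by {@code initUI()}
     * @return {@code true} if the query returned at least one row; {@code false} if it returned
     *     none or if the driver could not be loaded or a database error occurred
     */
    private static boolean login(Map<String, String> userLoginInfo) {
        // Connection settings are read from the "jdbctest" resource bundle.
        ResourceBundle bundle = ResourceBundle.getBundle("jdbctest");
        String driver = bundle.getString("driver");
        String url = bundle.getString("DB_url");
        String dbUser = bundle.getString("username");
        String dbPassword = bundle.getString("password");

        // Use the literal keys written by initUI(). The bundle's username/password values are
        // the database account, not keys of this map; using them as keys always yields null.
        String loginName = userLoginInfo.get("username");
        String loginPwd = userLoginInfo.get("password");

        // VULNERABLE (SQL injection): the user-supplied values become part of the SQL text,
        // so quote characters in the input are parsed as SQL syntax instead of being compared
        // as data, and the WHERE clause no longer means what the author wrote.
        // Mitigation: connection.prepareStatement("... where username = ? and password = ?")
        // plus setString(...) keeps the statement structure fixed and the input as pure data.
        String sql = "select * from t_user where username = '" + loginName
                + "' and password = '" + loginPwd + "'";

        try {
            Class.forName(driver);
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
            return false;
        }

        // try-with-resources closes ResultSet, Statement and Connection in that order,
        // even when the query throws.
        try (Connection connection = DriverManager.getConnection(url, dbUser, dbPassword);
                Statement statement = connection.createStatement();
                ResultSet resultSet = statement.executeQuery(sql)) {
            return resultSet.next();
        } catch (SQLException e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Prompts on the console for a user name and a password.
     *
     * @return a map with the entered values under the keys {@code "username"} and
     *     {@code "password"}
     */
    private static Map<String, String> initUI() {
        // Not closed on purpose: closing the Scanner would also close System.in.
        Scanner console = new Scanner(System.in);
        System.out.println("用户名");
        String enteredName = console.nextLine();
        System.out.println("密码");
        String enteredPassword = console.nextLine();

        Map<String, String> credentials = new HashMap<>();
        credentials.put("username", enteredName);
        credentials.put("password", enteredPassword);
        return credentials;
    }
}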
如果想消除 SQL 注入的影响,需要改动 login 方法内部的实现:改用 PreparedStatement 和 ? 占位符,让用户输入只作为参数值传入,而不再拼接进 SQL 文本。
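/**
 * Checks the submitted credentials against {@code t_user} with a parameterized query.
 *
 * <p>The SQL text is fixed and contains only {@code ?} placeholders; the user-supplied values
 * are bound with {@code setString}, so the driver passes them as data and they cannot alter
 * the structure of the statement.
 *
 * @param userLoginInfo map holding the console input under the keys {@code "username"} and
 *     {@code "password"}, as stored by {@code initUI()} earlier in this listing
 * @return {@code true} if the query returned at least one row; {@code false} if a credential
 *     is missing, no row matched, the driver could not be loaded or a database error occurred
 */
private static boolean login(Map<String, String> userLoginInfo) {
    // Keys must match the ones initUI() writes; a mismatched key yields null, which would be
    // bound as SQL NULL and never match any row.
    String loginName = userLoginInfo.get("username");
    String loginPwd = userLoginInfo.get("password");
    if (loginName == null || loginPwd == null) {
        return false;
    }

    // Connection settings are read from the "jdbctest" resource bundle.
    ResourceBundle bundle = ResourceBundle.getBundle("jdbctest");
    String driver = bundle.getString("driver");
    String url = bundle.getString("DB_url");
    String dbUser = bundle.getString("username");
    String dbPassword = bundle.getString("password");

    // NOTE(review): the submitted password is compared directly with the loginPwd column,
    // which only works if passwords are stored as entered. Parameter binding stops injection
    // but does not protect stored passwords; store a salted password hash (bcrypt, scrypt or
    // argon2) and verify it in application code.
    String sql = "select * from t_user where loginName = ? and loginPwd = ?";

    try {
        Class.forName(driver);
    } catch (ClassNotFoundException e) {
        e.printStackTrace();
        return false;
    }

    // try-with-resources closes ResultSet, PreparedStatement and Connection in that order,
    // even when binding or executing throws.
    try (Connection connection = DriverManager.getConnection(url, dbUser, dbPassword);
            PreparedStatement preparedStatement = connection.prepareStatement(sql)) {
        preparedStatement.setString(1, loginName);
        preparedStatement.setString(2, loginPwd);
        try (ResultSet resultSet = preparedStatement.executeQuery()) {
            return resultSet.next();
        }
    } catch (SQLException e) {
        e.printStackTrace();
        return false;
    }
}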