- package cn.huhui.jdbc;
-
- import java.sql.Connection;
- import java.sql.DriverManager;
- import java.sql.PreparedStatement;
- import java.sql.ResultSet;
- import java.sql.SQLException;
- import java.sql.Statement;
- import java.util.Scanner;
- //注入攻击案例
- //防止注入攻击
- //Statement接口的实现类,作用是执行SQL语句,返回结果集
- //它有一个子接口PreparedStatement(SQL语句预编译存储,可多次高效执行)
- //预编译时SQL结构已固定,?占位符绑定的参数只作为数据传入,不会被解析为SQL语法,因此可以防止注入
- //PreparedStatement的实现类在数据库驱动中,如何获取该接口的实现类?
- //通过Connection数据库连接对象的方法:
- //PreparedStatement prepareStatement(String sql)
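/**
 * Demonstrates a credential lookup that is not open to SQL injection.
 *
 * <p>The query text is fixed and contains only {@code ?} placeholders. The two
 * values read from standard input are bound as parameters, so the database
 * receives them as data and never parses them as SQL syntax.
 *
 * <p>NOTE(review): this is demo code. The database credentials are hard-coded
 * as {@code root}/{@code root}; a real application should load them from
 * configuration and connect with a least-privileged account. The query compares
 * the submitted password directly with the {@code PASSWORD} column, which
 * implies passwords are stored unhashed. Production code should store a salted
 * password hash (bcrypt, scrypt or argon2) and verify against that instead.
 */
public class JdbcDemo03 {

    /**
     * Reads a username and a password from standard input, queries the
     * {@code users} table for a matching row, and prints each match.
     *
     * @param args unused
     * @throws ClassNotFoundException if the MySQL driver class is not on the classpath
     * @throws SQLException if connecting to the database or running the query fails
     */
    public static void main(String[] args) throws ClassNotFoundException, SQLException {
        // 1. Register the driver explicitly. JDBC 4.0+ drivers are discovered
        //    automatically, and newer Connector/J releases name the class
        //    com.mysql.cj.jdbc.Driver; the legacy name is kept as the demo wrote it.
        Class.forName("com.mysql.jdbc.Driver");

        // 2. Connection settings (demo values only, see the class comment).
        String url = "jdbc:mysql://localhost:3306/mybase";
        String username = "root";
        String password = "root";

        // The fixed SQL text is the injection defence: the statement structure
        // is decided here, before any user input exists.
        String sql = "SELECT * FROM users WHERE username=? AND PASSWORD=?";

        // try-with-resources closes the statement and the connection even when
        // the query throws. The original also created an unused Statement that
        // was never closed; it is dropped here.
        try (Connection con = DriverManager.getConnection(url, username, password)) {
            // 3. Read the untrusted input. The Scanner is deliberately not
            //    closed, because closing it would also close System.in.
            Scanner sc = new Scanner(System.in);
            String user = sc.nextLine();
            String pass = sc.nextLine();

            try (PreparedStatement pre = con.prepareStatement(sql)) {
                // 4. Bind the input as typed parameters. Never concatenate it
                //    into the SQL string.
                pre.setString(1, user);
                pre.setString(2, pass);

                try (ResultSet rs = pre.executeQuery()) {
                    while (rs.next()) {
                        // NOTE(review): this echoes the stored password to stdout,
                        // as the original demo did. Real code must not print or
                        // log credentials.
                        System.out.println(rs.getString("username") + " " + rs.getString("password"));
                    }
                }
            }
        }
    }
}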
JDBC防注入攻击