/**
 * JDBC 工具包演示:登录模拟。
 * 注意 SQL 注入问题:把用户输入直接拼接进 SQL 语句会被注入,应使用 PreparedStatement 绑定参数。
 */
import Day01.Text03.JdbcUtils;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Scanner;
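/**
 * Console demo that simulates a login check against the {@code users} table through the
 * project's {@code JdbcUtils} helper.
 *
 * <p>The account name and password are bound as parameters of a {@link PreparedStatement}.
 * Binding the values removes the SQL injection issue that concatenating the inputs into the
 * query text would cause: the driver treats each input purely as data, so quote characters or
 * SQL keywords typed by the user cannot change the structure of the statement.
 */
public class Deom01 {

    /**
     * Reads an account name and a password from standard input and prints whether the
     * login check succeeded.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        // The Scanner is deliberately not closed: closing it would also close System.in.
        Scanner sc = new Scanner(System.in);
        System.out.println("请输入账户");
        String user = sc.nextLine();
        System.out.println("请输入密码");
        String passwed = sc.nextLine();
        if (loign(user, passwed)) {
            System.out.println("登陆成功");
        } else {
            System.out.println("登陆失败");
        }
    }

    /**
     * Checks whether a row with the given account name and password exists in {@code users}.
     *
     * <p>NOTE(review): the query compares the submitted password with the {@code passwed}
     * column directly, which implies the table stores passwords in plaintext. A real system
     * should store a salted password hash (bcrypt, scrypt or argon2) and verify it in code.
     *
     * @param user account name entered by the user; {@code null} is rejected
     * @param passwed password entered by the user; {@code null} is rejected
     * @return {@code true} if a matching row exists; {@code false} if there is none, if either
     *     argument is {@code null}, or if the database call fails
     */
    private static boolean loign(String user, String passwed) {
        // Reject missing input before touching the database.
        if (user == null || passwed == null) {
            return false;
        }
        Connection con = null;
        PreparedStatement statement = null;
        ResultSet resultSet = null;
        try {
            con = JdbcUtils.getConnection();
            // Placeholders keep the user-supplied values out of the SQL text entirely.
            String sql = "select * from users where user = ? and passwed = ?";
            // Only the template is printed, so the submitted password is not echoed to the console.
            System.out.println(sql);
            statement = con.prepareStatement(sql);
            statement.setString(1, user);
            statement.setString(2, passwed);
            resultSet = statement.executeQuery();
            // Any returned row means the credentials matched.
            return resultSet.next();
        } catch (SQLException e) {
            // Fail closed: a database error is reported and treated as a failed login.
            e.printStackTrace();
        } finally {
            // presumably JdbcUtils.close tolerates null arguments, as the original call relied on — confirm
            JdbcUtils.close(resultSet, statement, con);
        }
        return false;
    }
}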
jdbc工具包演示登录模拟(不推荐使用)