登录方法,使用Statement实现,会产生sql注入
package demo13;
import utils.JDBCUtils;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Scanner;
public class Demo04Practice {
public static void main(String[] args) {
Scanner scanner = new Scanner(System.in);
System.out.println("请输入姓名:");
String name=scanner.nextLine();
System.out.println("请输入密码:");
String password=scanner.nextLine();
boolean flag = new Demo04Practice().login(name, password);
if(flag){
System.out.println("登录成功");
}else {
System.out.println("登录失败");
}
}
public boolean login(String name,String password){
if (name==null||password==null){
return false;
}else {
Connection connection = null;
Statement statement = null;
ResultSet resultSet = null;
try {
connection = JDBCUtils.getConnection();
String sql="select * from student where name ='"+ name +"' and password = '"+ password +"'";
statement = connection.createStatement();
resultSet = statement.executeQuery(sql);
return resultSet.next();
} catch (SQLException e) {
e.printStackTrace();
}finally {
JDBCUtils.close(resultSet,statement,connection);
}
}
return false;
}
}
登录方法 使用PreparedStatement实现,不会再产生sql注入
package demo13;
import utils.JDBCUtils;
import java.sql.*;
import java.util.Scanner;
public class Demo05Practice1 {
public static void main(String[] args) {
Scanner scanner = new Scanner(System.in);
System.out.println("请输入姓名:");
String name=scanner.nextLine();
System.out.println("请输入密码:");
String password=scanner.nextLine();
boolean flag = new Demo05Practice1().login(name, password);
if(flag){
System.out.println("登录成功");
}else {
System.out.println("登录失败");
}
}
public boolean login(String name,String password){
if (name==null||password==null){
return false;
}else {
Connection connection = null;
PreparedStatement preparedStatement = null;
ResultSet resultSet = null;
try {
connection = JDBCUtils.getConnection();
String sql="select * from student where name =? and password = ?";
preparedStatement = connection.prepareStatement(sql);
preparedStatement.setString(1,name);
preparedStatement.setString(2,password);
resultSet = preparedStatement.executeQuery();
return resultSet.next();
} catch (SQLException e) {
e.printStackTrace();
}finally {
JDBCUtils.close(resultSet,preparedStatement,connection);
}
}
return false;
}
}