需求:
- 通过键盘录入用户名和密码
- 判断用户否登录成功
1.创建表
CREATE TABLE IF NOT EXISTS USER(
id INT PRIMARY KEY AUTO_INCREMENT,
username VARCHAR(20),
PASSWORD VARCHAR(20)
);
SELECT * FROM USER;
INSERT INTO USER VALUES (1,'james','12456');
INSERT INTO USER VALUES (2,'kevin','753461');
2. main测试类
package cn.abc.jdbc;
import cn.abc.util.JDBCUtils;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Scanner;
public class JdbcDemo06 {
public static void main(String[] args) {
Scanner sc= new Scanner(System.in);
System.out.println("请输入用户名:");
String name = sc.nextLine();
System.out.println("请输入密码:");
String password = sc.nextLine();
if(check(name,password)){
System.out.println("登录成功!");
}else{
System.out.println("用户名或密码错误!");
}
}
public static boolean check(String name,String password){
if (name==null||password==null){
return false;
}
Connection conn=null;
Statement stmt=null;
ResultSet rs=null;
try {
conn = JDBCUtils.getConnection();//工具类连接
stmt = conn.createStatement();
String sql = "select * from user where username='"+name+"' and password='"+password+"'";
rs = stmt.executeQuery(sql);
return rs.next();
} catch (SQLException e) {
e.printStackTrace();
}finally{
JDBCUtils.close(rs,stmt,conn);//工具类释放资源
}
return false;
}
}
工具类
package cn.abc.util;
import java.io.FileReader;
import java.io.IOException;
import java.sql.*;
import java.util.Properties;
//JDBC工具类
public class JDBCUtils {
private static String url;
private static String user;
private static String password;
private static String driver;
//静态代码块
static {
//读取资源文件,获取值
try {
//1.创建Properties集合类
Properties pro =new Properties();
//2.加载文件
pro.load(new FileReader("src/jdbc.properties"));
//3.获取数据,赋值
url = pro.getProperty("url");
user = pro.getProperty("user");
password = pro.getProperty("password");
driver = pro.getProperty("driver");
//4.注册驱动
Class.forName(driver);
} catch (IOException | ClassNotFoundException e) {
e.printStackTrace();
}
}
//获取连接的工具方法
//返回连接对象
public static Connection getConnection() throws SQLException {
return DriverManager.getConnection(url,user,password);
}
//释放资源
public static void close(Statement stemt, Connection conn){
if(stemt!=null){
try {
stemt.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if(conn!=null){
try {
conn.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}
public static void close(ResultSet rs, Statement stemt, Connection conn){
if(rs!=null){
try {
rs.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if(stemt!=null){
try {
stemt.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if(conn!=null){
try {
conn.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}
}
补充——
这里存在sql注入问题。密码如果输入一个恒等式,例如
SELECT * FROM USER
WHERE username ='dawda' AND PASSWORD = 'a' OR 'a' = 'a';
使用PreparedStatement防止sql注入问题
public static boolean check(String name,String password){
if (name==null||password==null){
return false;
}
Connection conn=null;
PreparedStatement pstmt=null;
ResultSet rs=null;
try {
conn = JDBCUtils.getConnection();
String sql = "select * from user where username= ? and password=? ";
pstmt = conn.prepareStatement(sql);
//给?赋值
pstmt.setString(1,name);
pstmt.setString(2,password);
//执行不需要传参
rs = pstmt.executeQuery();
return rs.next();
} catch (SQLException e) {
e.printStackTrace();
}finally{
JDBCUtils.close(rs,pstmt,conn);
}
return false;
}
}