登录案例
注入问题的解决
package javaweb.com.JDBC;
import java.sql.*;
import java.util.Scanner;
//注入问题的解决
//利用PreparedStatement解决注入问题
public class Login2 {
public static void main(String[] args) {
Scanner sc =new Scanner(System.in);
System.out.printf("用户名:");
String username = sc.nextLine();
System.out.printf("密码:");
String password = sc.nextLine();
Boolean flag = new Login2().login1(username,password);
if (flag)
{
System.out.printf("登陆成功!");
}
else
{
System.out.printf("账号或密码输入错误!");
}
}
public Boolean login1(String username,String password)
{
if ((username==null)||(password==null))
{
return false;
}
Connection conn = null;
PreparedStatement pstmt = null;
ResultSet rs = null;
try {
conn = JdbcUtilsDemo.getConnection();
String sql = "select * from login where username = ? and password = ?";
pstmt = conn.prepareStatement(sql);
// 给?号赋值
pstmt.setString(1,username);
pstmt.setString(2,password);
rs = pstmt.executeQuery();
return rs.next();
} catch (SQLException throwables) {
throwables.printStackTrace();
}finally {
JdbcUtilsDemo.close(rs,pstmt,conn);
}
return false;
}
}