java preparestatement sql注入,MySQL_(Java)使用preparestatement解決SQL注入的問題

最新推荐文章于 2022-07-14 23:56:41 发布

天盗盗

最新推荐文章于 2022-07-14 23:56:41 发布

阅读量96

点赞数

文章标签： java preparestatement sql注入

importjava.sql.Connection;importjava.sql.DriverManager;importjava.sql.PreparedStatement;importjava.sql.ResultSet;importjava.sql.SQLException;importjava.sql.Statement;public classJDBC01 {public static void main(String[] args) throwsSQLException {//selectAll();//存在sql注入

System.out.println(selectByUernamePassword("Garyyyyar","nihao' or '1'='1"));//使用preparestatement解決SQL注入的問題

System.out.println(selectByUP2("Garyyyyar","nihao' or '1'='1"));

}public static void selectAll() throwsSQLException {//注冊驅動使用驅動連接數據庫

Connection con = null;

Statement stmt= null;

ResultSet rs= null;try{

Class.forName("com.mysql.jdbc.Driver");//String url ="jdbc:mysql://localhost:3306/garysql";//指定編碼查詢數據庫

String url ="jdbc:mysql://localhost:3306/garysql?useUnicode=true&characterEncoding=UTF8&useSSL=false";

String user= "root";

String password= "123456";//建立和數據庫的連接

con =DriverManager.getConnection(url,user,password);//數據庫的增刪改查

stmt =con.createStatement();//返回一個結果集

rs =stmt.executeQuery("select * from garytb");while(rs.next()) {//System.out.println(rs.getString(1)+","+rs.getString(2)+","+rs.getString(3));

System.out.println(rs.getString("id")+","+rs.getString("username")+","+rs.getString("password"));

}

}catch(Exception e) {//TODO Auto-generated catch block

e.printStackTrace();

}finally{if(rs!=null)

rs.close();if(stmt!=null)

stmt.close();if(con!=null)

con.close();

}

}public static boolean selectByUernamePassword(String username,String password) throwsSQLException {

Connection con=null;

Statement stmt= null;

ResultSet rs= null;try{

Class.forName("com.mysql.jdbc.Driver");

String url="jdbc:mysql://localhost:3306/garysql?useUnicode=true&characterEncoding=UTF8&useSSL=false";

con= DriverManager.getConnection(url,"root","123456");

stmt=con.createStatement();

String sql= "select * from garytb where username = '"+username+"' and password = '"+password+"'";//System.out.println(sql);

rs =stmt.executeQuery(sql);if(rs.next()) {return true;

}else{return false;

}

}catch(Exception e) {//TODO Auto-generated catch block

e.printStackTrace();

}finally{if(rs!=null)

rs.close();if(stmt!=null)

stmt.close();if(con!=null)

con.close();

}return false;

}public static boolean selectByUP2(String username,String password) throwsSQLException{

Connection con=null;

Statement stmt= null;

ResultSet rs= null;try{

Class.forName("com.mysql.jdbc.Driver");

String url="jdbc:mysql://localhost:3306/garysql?useUnicode=true&characterEncoding=UTF8&useSSL=false";

con= DriverManager.getConnection(url,"root","123456");

String sql= "select * from garytb where username = ? and password = ?";

PreparedStatement pstmt=con.prepareStatement(sql);//添加參數

pstmt.setString(1, username);

pstmt.setString(2, password);//進行查詢

rs =pstmt.executeQuery();if(rs.next()) {return true;

}else{return false;

}

}catch(Exception e) {//TODO Auto-generated catch block

e.printStackTrace();

}finally{if(rs!=null)

rs.close();if(stmt!=null)

stmt.close();if(con!=null)

con.close();

}return false;

}

天盗盗

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
java preparestatement sql注入,MySQL_(Java)使用preparestatement解決SQL注入的問題

importjava.sql.Connection;importjava.sql.DriverManager;importjava.sql.PreparedStatement;importjava.sql.ResultSet;importjava.sql.SQLException;importjava.sql.Statement;public classJDBC01 {public static ...
复制链接

扫一扫