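import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * JDBC demo that contrasts a string-concatenated login query (injectable) with
 * the same query issued through a {@link PreparedStatement} (parameters bound
 * as data).
 *
 * <p>Security review notes for anyone copying from this file:
 * <ul>
 *   <li>The connection uses the {@code root} account with a hard-coded password
 *       and {@code useSSL=false}. Real code should use a least-privilege account,
 *       load credentials from configuration or a secret store, and enable TLS.</li>
 *   <li>The login queries compare the {@code password} column verbatim with the
 *       supplied value, which suggests passwords are stored unhashed. Store a
 *       salted password hash (bcrypt/scrypt/argon2) and verify against it.</li>
 *   <li>Every method fails closed: any error is printed and the method returns
 *       {@code false} (or nothing), never {@code true}.</li>
 * </ul>
 */
public class JDBC01 {

    /** JDBC URL with an explicit character encoding for the query text. */
    private static final String URL =
            "jdbc:mysql://localhost:3306/garysql?useUnicode=true&characterEncoding=UTF8&useSSL=false";

    /** Demo credentials only; see the class-level security notes. */
    private static final String USER = "root";
    private static final String PASSWORD = "123456";

    /**
     * Runs both login checks with the same crafted password so that the
     * difference between concatenation and parameter binding is visible.
     *
     * @param args unused
     * @throws SQLException declared by the called methods
     */
    public static void main(String[] args) throws SQLException {
        // selectAll();

        // Injectable: the quote in the password closes the string literal and
        // appends "or '1'='1'", so the WHERE clause is true for every row.
        System.out.println(selectByUernamePassword("Garyyyyar", "nihao' or '1'='1"));

        // PreparedStatement fixes the injection: the same input is bound as a
        // plain value and can only match a row that really stores that text.
        System.out.println(selectByUP2("Garyyyyar", "nihao' or '1'='1"));
    }

    /**
     * Registers the MySQL driver and opens a connection to the demo database.
     *
     * @return an open connection that the caller must close
     * @throws ClassNotFoundException if the driver class is not on the classpath
     * @throws SQLException if the connection cannot be established
     */
    private static Connection openConnection() throws ClassNotFoundException, SQLException {
        // Legacy Connector/J class name, kept as in the original. JDBC 4 drivers
        // register themselves, so this explicit load is normally redundant.
        Class.forName("com.mysql.jdbc.Driver");
        return DriverManager.getConnection(URL, USER, PASSWORD);
    }

    /**
     * Prints every row of {@code garytb} as {@code id,username,password}.
     *
     * <p>NOTE(security): this writes the password column to standard output;
     * keep it out of anything whose output is logged or shared.
     *
     * @throws SQLException kept for source compatibility; errors are caught and printed
     */
    public static void selectAll() throws SQLException {
        // try-with-resources closes rs, stmt and con in reverse order even when
        // one of the close() calls fails; the old finally block skipped the
        // remaining closes in that case.
        try (Connection con = openConnection();
             Statement stmt = con.createStatement();
             ResultSet rs = stmt.executeQuery("select * from garytb")) {
            while (rs.next()) {
                System.out.println(
                        rs.getString("id") + "," + rs.getString("username") + "," + rs.getString("password"));
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * INTENTIONALLY VULNERABLE demo of a login check built by string concatenation.
     *
     * <p>Both arguments are pasted into the SQL text, so a quote character in
     * either one changes the structure of the statement (SQL injection). This
     * method exists only as the "before" half of the demonstration; use
     * {@link #selectByUP2(String, String)} as the pattern for real code.
     *
     * @param username user name to look up
     * @param password password to compare against the stored value
     * @return {@code true} if the query returned at least one row; {@code false}
     *         otherwise, including on any error
     * @throws SQLException kept for source compatibility; errors are caught and printed
     */
    public static boolean selectByUernamePassword(String username, String password) throws SQLException {
        // Do not copy: caller-controlled text becomes part of the SQL grammar here.
        String sql = "select * from garytb where username = '" + username + "' and password = '" + password + "'";
        try (Connection con = openConnection();
             Statement stmt = con.createStatement();
             ResultSet rs = stmt.executeQuery(sql)) {
            return rs.next();
        } catch (Exception e) {
            e.printStackTrace();
            return false; // fail closed: an error must never authenticate
        }
    }

    /**
     * Login check using a {@link PreparedStatement}, the fix for the injection above.
     *
     * <p>The SQL text is constant; the two values are sent as bound parameters
     * and are never parsed as SQL.
     *
     * @param username user name to look up
     * @param password password to compare against the stored value
     * @return {@code true} if a row matches both values; {@code false} otherwise,
     *         including on any error
     * @throws SQLException kept for source compatibility; errors are caught and printed
     */
    public static boolean selectByUP2(String username, String password) throws SQLException {
        String sql = "select * from garytb where username = ? and password = ?";
        // The original closed an unused, always-null Statement and never closed
        // the PreparedStatement; it is now a managed resource.
        try (Connection con = openConnection();
             PreparedStatement pstmt = con.prepareStatement(sql)) {
            // Bind the parameters (1-based indexes).
            pstmt.setString(1, username);
            pstmt.setString(2, password);
            // Run the query; one matching row is enough.
            try (ResultSet rs = pstmt.executeQuery()) {
                return rs.next();
            }
        } catch (Exception e) {
            e.printStackTrace();
            return false; // fail closed: an error must never authenticate
        }
    }
}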