![f6f767af5710eb146ae731d923dccb34.png](https://img-blog.csdnimg.cn/img_convert/f6f767af5710eb146ae731d923dccb34.png)
![3879b6b298f5151f4dee4dfcecf92f65.png](https://img-blog.csdnimg.cn/img_convert/3879b6b298f5151f4dee4dfcecf92f65.png)
package mysql;
/*
* java程序实现用户登录,用户名和密码,数据库检查
* 演示被别人注入攻击
*/
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Scanner;
public class JDBCDEMO2 {
public static void main(String[] args) throws Exception {
// TODO Auto-generated method stub
Class.forName("com.mysql.jdbc.Driver");
Connection con = DriverManager.getConnection
("jdbc.mysql://localhost:3306/mybase", "root" , "root");
Statement stat = con.createStatement();
Scanner sc = new Scanner(system.in );
String user = sc.nextLine();
String pass = sc.nextLine();
// 执行SQL语句,数据表,查询用户名和密码,如果存在,登录成功,不存在登录失败
String sql = "SELECT * FROM user WHERE username = '" +
user + "' AND PASSWORD = '" + pass + "'";
// + " = 'dsfsdfd' AND PASSWORD = 'wrethiyu'OR 1=1";
// String sql = "SELECT * FROM user WHERE username"
// + " = 'dsfsdfd' AND PASSWORD = 'wrethiyu'OR 1=1";
// String sql = "SELECT * FROM user WHERE username"
// + " = '" + user + "' AND PASSWORD = '" + pass + " 'OR 1=1";
ResultSet rs = stat.executeQuery(sql);
while(rs.next()) {
System.out .println
(rs.getString("username" + " " + rs.getString("password")));
}
rs.close();
stat.close();
con.close();
}
}
![f08aa1790d29498417bb90185e1b23f2.png](https://img-blog.csdnimg.cn/img_convert/f08aa1790d29498417bb90185e1b23f2.png)