java prepare mysql_MySQL_(Java)使用preparestatement解决SQL注入的问题

最新推荐文章于 2024-04-17 18:37:43 发布

Zhuangxiaohai

最新推荐文章于 2024-04-17 18:37:43 发布

阅读量222

点赞数

文章标签： java prepare mysql

本文链接：https://blog.csdn.net/weixin_42361026/article/details/113323076

版权

importjava.sql.Connection;importjava.sql.DriverManager;importjava.sql.PreparedStatement;importjava.sql.ResultSet;importjava.sql.SQLException;importjava.sql.Statement;public classJDBC01 {public static void main(String[] args) throwsSQLException {//selectAll();//存在sql注入

System.out.println(selectByUernamePassword("Garyyyyar","nihao' or '1'='1"));//使用preparestatement解决SQL注入的问题

System.out.println(selectByUP2("Garyyyyar","nihao' or '1'='1"));

}public static void selectAll() throwsSQLException {//注册驱动使用驱动连接数据库

Connection con = null;

Statement stmt= null;

ResultSet rs= null;try{

Class.forName("com.mysql.jdbc.Driver");//String url ="jdbc:mysql://localhost:3306/garysql";//指定编码查询数据库

String url ="jdbc:mysql://localhost:3306/garysql?useUnicode=true&characterEncoding=UTF8&useSSL=false";

String user= "root";

String password= "123456";//建立和数据库的连接

con =DriverManager.getConnection(url,user,password);//数据库的增删改查

stmt =con.createStatement();//返回一个结果集

rs =stmt.executeQuery("select * from garytb");while(rs.next()) {//System.out.println(rs.getString(1)+","+rs.getString(2)+","+rs.getString(3));

System.out.println(rs.getString("id")+","+rs.getString("username")+","+rs.getString("password"));

}

}catch(Exception e) {//TODO Auto-generated catch block

e.printStackTrace();

}finally{if(rs!=null)

rs.close();if(stmt!=null)

stmt.close();if(con!=null)

con.close();

}

}public static boolean selectByUernamePassword(String username,String password) throwsSQLException {

Connection con=null;

Statement stmt= null;

ResultSet rs= null;try{

Class.forName("com.mysql.jdbc.Driver");

String url="jdbc:mysql://localhost:3306/garysql?useUnicode=true&characterEncoding=UTF8&useSSL=false";

con= DriverManager.getConnection(url,"root","123456");

stmt=con.createStatement();

String sql= "select * from garytb where username = '"+username+"' and password = '"+password+"'";//System.out.println(sql);

rs =stmt.executeQuery(sql);if(rs.next()) {return true;

}else{return false;

}

}catch(Exception e) {//TODO Auto-generated catch block

e.printStackTrace();

}finally{if(rs!=null)

rs.close();if(stmt!=null)

stmt.close();if(con!=null)

con.close();

}return false;

}public static boolean selectByUP2(String username,String password) throwsSQLException{

Connection con=null;

Statement stmt= null;

ResultSet rs= null;try{

Class.forName("com.mysql.jdbc.Driver");

String url="jdbc:mysql://localhost:3306/garysql?useUnicode=true&characterEncoding=UTF8&useSSL=false";

con= DriverManager.getConnection(url,"root","123456");

String sql= "select * from garytb where username = ? and password = ?";

PreparedStatement pstmt=con.prepareStatement(sql);//添加参数

pstmt.setString(1, username);

pstmt.setString(2, password);//进行查询

rs =pstmt.executeQuery();if(rs.next()) {return true;

}else{return false;

}

}catch(Exception e) {//TODO Auto-generated catch block

e.printStackTrace();

}finally{if(rs!=null)

rs.close();if(stmt!=null)

stmt.close();if(con!=null)

con.close();

}return false;

}

Zhuangxiaohai

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
java prepare mysql_MySQL_(Java)使用preparestatement解决SQL注入的问题

importjava.sql.Connection;importjava.sql.DriverManager;importjava.sql.PreparedStatement;importjava.sql.ResultSet;importjava.sql.SQLException;importjava.sql.Statement;public classJDBC01 {public static ...
复制链接

扫一扫