java prepare mysql_MySQL_(Java)使用preparestatement解决SQL注入的问题

importjava.sql.Connection;importjava.sql.DriverManager;importjava.sql.PreparedStatement;importjava.sql.ResultSet;importjava.sql.SQLException;importjava.sql.Statement;public classJDBC01 {public static void main(String[] args) throwsSQLException {//selectAll();//存在sql注入

System.out.println(selectByUernamePassword("Garyyyyar","nihao' or '1'='1"));//使用preparestatement解决SQL注入的问题

System.out.println(selectByUP2("Garyyyyar","nihao' or '1'='1"));

}public static void selectAll() throwsSQLException {//注册驱动 使用驱动连接数据库

Connection con = null;

Statement stmt= null;

ResultSet rs= null;try{

Class.forName("com.mysql.jdbc.Driver");//String url ="jdbc:mysql://localhost:3306/garysql";//指定编码查询数据库

String url ="jdbc:mysql://localhost:3306/garysql?useUnicode=true&characterEncoding=UTF8&useSSL=false";

String user= "root";

String password= "123456";//建立和数据库的连接

con =DriverManager.getConnection(url,user,password);//数据库的增删改查

stmt =con.createStatement();//返回一个结果集

rs =stmt.executeQuery("select * from garytb");while(rs.next()) {//System.out.println(rs.getString(1)+","+rs.getString(2)+","+rs.getString(3));

System.out.println(rs.getString("id")+","+rs.getString("username")+","+rs.getString("password"));

}

}catch(Exception e) {//TODO Auto-generated catch block

e.printStackTrace();

}finally{if(rs!=null)

rs.close();if(stmt!=null)

stmt.close();if(con!=null)

con.close();

}

}public static boolean selectByUernamePassword(String username,String password) throwsSQLException {

Connection con=null;

Statement stmt= null;

ResultSet rs= null;try{

Class.forName("com.mysql.jdbc.Driver");

String url="jdbc:mysql://localhost:3306/garysql?useUnicode=true&characterEncoding=UTF8&useSSL=false";

con= DriverManager.getConnection(url,"root","123456");

stmt=con.createStatement();

String sql= "select * from garytb where username = '"+username+"' and password = '"+password+"'";//System.out.println(sql);

rs =stmt.executeQuery(sql);if(rs.next()) {return true;

}else{return false;

}

}catch(Exception e) {//TODO Auto-generated catch block

e.printStackTrace();

}finally{if(rs!=null)

rs.close();if(stmt!=null)

stmt.close();if(con!=null)

con.close();

}return false;

}public static boolean selectByUP2(String username,String password) throwsSQLException{

Connection con=null;

Statement stmt= null;

ResultSet rs= null;try{

Class.forName("com.mysql.jdbc.Driver");

String url="jdbc:mysql://localhost:3306/garysql?useUnicode=true&characterEncoding=UTF8&useSSL=false";

con= DriverManager.getConnection(url,"root","123456");

String sql= "select * from garytb where username = ? and password = ?";

PreparedStatement pstmt=con.prepareStatement(sql);//添加参数

pstmt.setString(1, username);

pstmt.setString(2, password);//进行查询

rs =pstmt.executeQuery();if(rs.next()) {return true;

}else{return false;

}

}catch(Exception e) {//TODO Auto-generated catch block

e.printStackTrace();

}finally{if(rs!=null)

rs.close();if(stmt!=null)

stmt.close();if(con!=null)

con.close();

}return false;

}

}

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值