JDBC案例-模拟用户登录(二)
1、修订版改用 PreparedStatement 和 ? 占位符绑定用户输入,解决了 SQL 注入问题,示例代码如下:
package com.jh.www;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Scanner;
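/**
 * Console demo of a simulated user login backed by a JDBC query.
 *
 * <p>The login query binds user input through {@link PreparedStatement} placeholders, so the
 * input is sent to the database as parameter values and never spliced into the SQL text.
 */
public class Test4 {

    // NOTE(review): demo-only connection settings. Hard-coded credentials and use of the
    // database "root" account should not be carried into real code: load credentials from
    // configuration or a secret store and connect with a least-privilege account that can
    // only read the login table.
    private static final String JDBC_URL = "jdbc:mysql://localhost:3306/mylb";
    private static final String DB_USER = "root";
    private static final String DB_PASSWORD = "root";

    // Both values are bound with '?' placeholders; never build this string by concatenation.
    // NOTE(review): the query compares the password column directly with the supplied value,
    // so the table presumably stores plaintext passwords -- confirm against the schema. A real
    // system stores a salted password hash (bcrypt/scrypt/argon2) and verifies it in the
    // application instead.
    private static final String LOGIN_SQL =
            "select * from loginUser where name = ? and password = ?";

    /**
     * Reads a user name and password from standard input and reports whether the login
     * succeeded. The failure message is the same for an unknown user and a wrong password.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try (Scanner sc = new Scanner(System.in)) {
            System.out.println("请输入用户名:");
            String username = sc.nextLine();
            System.out.println("请输入密码:");
            String pswd = sc.nextLine();
            if (loginMethod(username, pswd)) {
                System.out.println("登录成功");
            } else {
                System.out.println("用户名或密码错误");
            }
        }
    }

    /**
     * Checks the given credentials against the {@code loginUser} table.
     *
     * <p>Fails closed: any database error (including a failed connection) is reported on
     * standard error and treated as an unsuccessful login.
     *
     * @param user the user name to look up; {@code null} is rejected
     * @param password the password to match; {@code null} is rejected
     * @return {@code true} only if the query returned at least one matching row
     */
    public static boolean loginMethod(String user, String password) {
        if (user == null || password == null) {
            return false;
        }
        // try-with-resources closes only what was actually opened. The previous finally block
        // called close() on references that were still null when the connection failed, which
        // replaced the handled SQLException with a NullPointerException.
        try (Connection conn = DriverManager.getConnection(JDBC_URL, DB_USER, DB_PASSWORD)) {
            System.out.println(LOGIN_SQL);
            try (PreparedStatement pstmt = conn.prepareStatement(LOGIN_SQL)) {
                pstmt.setString(1, user);
                pstmt.setString(2, password);
                try (ResultSet res = pstmt.executeQuery()) {
                    return res.next();
                }
            }
        } catch (SQLException e) {
            // Report the failure without echoing the submitted credentials.
            System.err.println("数据库访问失败: " + e.getMessage());
            return false;
        }
    }
}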