MySQL三十二:SQL注入问题
SQL注入问题:
即SQL语句存在漏洞,可能被攻击,导致数据泄露。
package lesson02.utils;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
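/**
 * Demonstrates SQL injection against a login query, next to the parameterized fix.
 *
 * <p>{@link #login} is deliberately left vulnerable so the problem can be observed;
 * {@link #loginSafe} runs the same lookup with bound parameters and is the form to
 * use in real code.
 *
 * <p>NOTE(review): the query compares the {@code password} column directly and the
 * rows are printed, which suggests the demo table holds plaintext passwords. That is
 * acceptable for a teaching table only; production systems store a salted password
 * hash and never echo it.
 */
public class SQL注入 {

    public static void main(String[] args) {
        //login("xiaochen","123456"); // normal login, normal output
        // Abnormal output: every user name and password is printed. Both arguments
        // contain single quotes; because login() concatenates them into the SQL text,
        // the quotes end the string literals and the remainder is parsed as SQL, which
        // makes the WHERE clause true for every row. Passing the same arguments to
        // loginSafe() binds them as values, so they are only compared as literal text.
        login("'or'1=1 ", "'or'1=1");
    }

    /**
     * VULNERABLE (kept for demonstration): looks up a user by concatenating the
     * arguments into the SQL string.
     *
     * <p>Any quote character in {@code username} or {@code password} becomes part of
     * the statement itself, so the caller controls the query structure, not just the
     * compared values. Do not copy this pattern; see {@link #loginSafe}.
     *
     * @param username value concatenated into the {@code name} comparison
     * @param password value concatenated into the {@code password} comparison
     */
    public static void login(String username, String password) {
        Connection conn = null;
        Statement st = null;
        ResultSet rs = null;
        try {
            conn = JdbcUtils.getConnection(); // obtain the database connection
            st = conn.createStatement();      // plain Statement: SQL text is sent as-is
            // Root cause of the injection: input is spliced into the SQL text.
            String sql = "select *from users where `name`='" + username + "'AND `password`='" + password + "'";
            rs = st.executeQuery(sql);
            printRows(rs);
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            JdbcUtils.release(conn, st, rs);
        }
    }

    /**
     * Looks up a user with a {@link PreparedStatement}, binding both arguments as
     * parameters instead of concatenating them.
     *
     * <p>The SQL text is fixed and contains only {@code ?} placeholders; the driver
     * transmits the arguments as data, so quotes inside them cannot change the
     * statement's structure.
     *
     * @param username value bound to the {@code name} comparison
     * @param password value bound to the {@code password} comparison
     */
    public static void loginSafe(String username, String password) {
        Connection conn = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        try {
            conn = JdbcUtils.getConnection();
            ps = conn.prepareStatement("select * from users where `name`=? AND `password`=?");
            ps.setString(1, username);
            ps.setString(2, password);
            rs = ps.executeQuery();
            printRows(rs);
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            JdbcUtils.release(conn, ps, rs);
        }
    }

    /** Prints the name and password columns of every row, followed by a separator line. */
    private static void printRows(ResultSet rs) throws SQLException {
        while (rs.next()) {
            System.out.println(rs.getString("name"));
            System.out.println(rs.getString("password"));
            System.out.println("==============================================");
        }
    }
}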
本质是SQL拼接:用户输入被直接拼接进SQL字符串,输入中的引号会改变语句本身的结构。防御方法是使用PreparedStatement的?占位符绑定参数,而不是拼接字符串。