SQL注入问题

statement存在sql注入问题

public class StatementUserLoginPart {
	public static void main(String[] args) throws ClassNotFoundException, SQLException {
		Scanner scanner = new Scanner(System.in);
		System.out.println("请输入账号");
		String account = scanner.nextLine();
		System.out.println("请输入密码");
		String password = scanner.nextLine();
		Class.forName("com.mysql.cj.jdbc.Driver");
		//Connection connection = DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/test", "root", "123456");
		Properties info = new Properties();
		info.put("user", "root");
		info.put("password", "123456");
		Connection connection = DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/test", info);
		Statement statement = connection.createStatement();
		// 注意sql语句拼接
		String sql = "select * from test.t_user where account = '" + account + "' and PASSWORD = '" + password + "'";
		System.out.println(sql);
		ResultSet resultSet = statement.executeQuery(sql);
		if (resultSet.next()){
			System.out.println("登录成功!");
		}else {
			System.out.println("用户名或密码错误!");
		}
		resultSet.close();
		statement.close();
		connection.close();
	}
}

运行结果

请输入账号
root
请输入密码
' or '1' = '1
select * from test.t_user where account = 'root' and PASSWORD = '' or '1' = '1'
登录成功!
Process finished with exit code 0
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值