zoukankan      html  css  js  c++  java

  • MySQL_(Java)使用JDBC创建用户名和密码校验查询方法

      MySQL_(Java)使用JDBC向数据库发起查询请求  传送门

      MySQL数据库中的数据,数据库名garysql,表名garytb,数据库中存在的用户表

      

      通过JDBC对MySQL中的数据用户名和密码校验查询,当数据库中存在该用户且账号密码相匹配,则返回true,否则返回false

    import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class JDBC01 {

    public static void main(String[] args) throws SQLException  {
        //selectAll();
        System.out.println(selectByUernamePassword("Gary","123"));
    }

    public static void selectAll() throws SQLException {
        //注册驱动    使用驱动连接数据库
        Connection con = null;
        Statement stmt = null;
        ResultSet rs = null;
        try {
            Class.forName("com.mysql.jdbc.Driver");
            
            //String url ="jdbc:mysql://localhost:3306/garysql";
            //指定编码查询数据库
            String url ="jdbc:mysql://localhost:3306/garysql?useUnicode=true&characterEncoding=UTF8&useSSL=false";
            String user = "root";
            String password = "123456";
            //建立和数据库的连接
            con = DriverManager.getConnection(url,user,password);
            
            //数据库的增删改查
            stmt = con.createStatement();
            //返回一个结果集
            rs =stmt.executeQuery("select * from garytb");
            
            while(rs.next()) {
                //System.out.println(rs.getString(1)+","+rs.getString(2)+","+rs.getString(3));
                System.out.println(rs.getString("id")+","+rs.getString("username")+","+rs.getString("password"));
            }
        
        } catch (Exception e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }finally {
            if(rs!=null)
                rs.close();
            if(stmt!=null)
                stmt.close();
            if(con!=null)
                con.close();
        }
    }

    public static boolean  selectByUernamePassword(String username,String password) throws SQLException {
        Connection con=null;
        Statement stmt = null;
        ResultSet rs = null;
        try {
            Class.forName("com.mysql.jdbc.Driver");
            
            String url ="jdbc:mysql://localhost:3306/garysql?useUnicode=true&characterEncoding=UTF8&useSSL=false";
            con = DriverManager.getConnection(url,"root","123456");
            stmt =con.createStatement();
            String sql = "select * from garytb where username = '"+username+"' and password = '"+password+"'";
            rs = stmt.executeQuery(sql);
            
            if(rs.next()) {
                return true;
            }else {
                return false;
            }
                
        } catch (Exception e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }finally {
            if(rs!=null)
                rs.close();
            if(stmt!=null)
                stmt.close();
            if(con!=null)
                con.close();
        }
        
        return false;
    }
    
}
    JDBC01.java

      注意:直接使用该字符串对数据库信息查询时会产生sql注入的危险

    String sql = "select * from garytb where username = '"+username+"' and password = '"+password+"'";
    //校验用户
    public static boolean  selectByUernamePassword(String username,String password) throws SQLException {
        Connection con=null;
        Statement stmt = null;
        ResultSet rs = null;
        try {
            Class.forName("com.mysql.jdbc.Driver");
            
            String url ="jdbc:mysql://localhost:3306/garysql?useUnicode=true&characterEncoding=UTF8&useSSL=false";
            con = DriverManager.getConnection(url,"root","123456");
            stmt =con.createStatement();
            String sql = "select * from garytb where username = '"+username+"' and password = '"+password+"'";
            //System.out.println(sql);
            rs = stmt.executeQuery(sql);
            
            if(rs.next()) {
                return true;
            }else {
                return false;
            }
                
        } catch (Exception e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }finally {
            if(rs!=null)
                rs.close();
            if(stmt!=null)
                stmt.close();
            if(con!=null)
                con.close();
        }
        
        return false;
    }

      我们可以在selectByUernamePassword(String username,String password)方法中输出该SQL语句

      发现or后半段的条件永远是成立的!

      解决此方法可查看我的另一篇博文  使用preparestatement解决SQL注入的问题  传送门

    (如需转载学习,请标明出处)
  • 相关阅读:
    中国VR公司的详尽名单
    maven打包源代码sources.jar和javadoc.jar帮助文档
    中国计算机学会推荐国际学术刊物
    myhuiban会议,期刊,科研人员,计算机类会议大全
    如何写mysql的定时任务
    mysql系列命令解释
    Bootstrap 导航元素
    base64对文件进行加密
    我最在行 诗词 连续错误的
    <% %> in html
  • 原文地址:https://www.cnblogs.com/1138720556Gary/p/10585097.html
Copyright © 2011-2022 走看看