  • java JDBC (二) 防止注入/参数化

    package cn.sasa.demo2;
    
    import java.sql.Connection;
    import java.sql.DriverManager;
    import java.sql.PreparedStatement;
    import java.sql.ResultSet;
    import java.sql.SQLException;
    import java.sql.Statement;
    import java.util.Scanner;
    
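    public class JDBCDemo2 {

        /**
         * Demonstrates a parameterized (pre-compiled) login query through
         * {@link PreparedStatement}, the sub-interface of {@link Statement} that
         * binds user input as values instead of splicing it into the SQL text.
         * The string-concatenated variant is kept below as a comment for
         * contrast only: there the input can alter the query structure (SQL
         * injection).
         *
         * Reads a user name and a password from stdin, runs the query and
         * prints the {@code name} column of every matching row.
         *
         * @param args unused
         * @throws ClassNotFoundException if the MySQL driver class is not on the classpath
         * @throws SQLException if connecting to the database or running the query fails
         */
        public static void main(String[] args) throws ClassNotFoundException, SQLException {
            Scanner sc = new Scanner(System.in);
            System.out.println("用户名");
            String name = sc.nextLine();
            System.out.println("密码");
            String pwd = sc.nextLine();

            // Explicit driver registration; JDBC 4+ drivers self-register via
            // ServiceLoader, the call is kept for older driver jars.
            Class.forName("com.mysql.jdbc.Driver");

            // Vulnerable form, for comparison only - the input becomes part of the SQL text:
            //String sql = " SELECT * FROM `user` WHERE name='"+ name +"' and pwd='"+ pwd +"' ";
            //Statement state = conn.createStatement();
            //ResultSet rsSet = state.executeQuery(sql);

            // Parameterized form: the SQL is compiled with placeholders, the
            // values are sent separately and are never parsed as SQL.
            // NOTE(review): comparing the pwd column directly implies the
            // password is stored in clear text; in a real application store a
            // salted hash (bcrypt/scrypt/argon2) and verify it in code instead.
            String sql = " SELECT * FROM `user` WHERE name=? and pwd=? ";

            // NOTE(review): the connection URL and database credentials are
            // hard-coded in the class file; outside a demo they belong in
            // configuration or the environment.
            // try-with-resources closes the ResultSet, the statement and the
            // connection in reverse order even when the query throws; the
            // original called Statement.cancel(), which does not release the
            // statement.
            try (Connection conn = DriverManager.getConnection(
                         "jdbc:mysql://192.168.0.207:3306/mydb", "root", "XXXXXXXX1");
                 PreparedStatement pstate = conn.prepareStatement(sql)) {
                pstate.setString(1, name);
                pstate.setString(2, pwd);
                try (ResultSet rsSet = pstate.executeQuery()) {
                    while (rsSet.next()) {
                        System.out.println(rsSet.getString("name"));
                    }
                }
            }
        }

    }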
  • 原文地址:https://www.cnblogs.com/SasaL/p/10233412.html