  • java sql

    import java.sql.Connection;
    import java.sql.DriverManager;
    import java.sql.PreparedStatement;
    import java.sql.ResultSet;
    import java.sql.SQLException;
    import java.sql.Savepoint;
    import java.sql.Statement;

    import com.mysql.jdbc.Driver;

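    /**
     * Small JDBC demo: inserts one row through a parameterized statement inside a
     * manually managed transaction, prints the affected-row count, and then undoes
     * the insert by rolling back to a savepoint.
     *
     * <p>The values are bound with {@code setString}, so they are sent to the
     * database as data and never become part of the SQL text. Building the
     * statement by concatenating the values into the SQL string instead would
     * expose it to SQL injection.
     */
    public class Sqltest {

        private static final String DRIVER = "com.mysql.jdbc.Driver";
        private static final String URL = "jdbc:mysql://127.0.0.1:3306/signin";
        // NOTE(review): the credentials are hard-coded and the account is root.
        // Outside a throwaway local demo, load them from configuration or a secret
        // store and connect with an account that only has the privileges it needs.
        private static final String USERNAME = "root";
        private static final String PASSWORD = "21424019";

        /**
         * Runs the demo against the database at {@code URL}.
         *
         * @param args unused
         */
        public static void main(String[] args) {
            try {
                // Loading the class is enough: the driver registers itself with
                // DriverManager, so no instance has to be created or registered by hand.
                Class.forName(DRIVER);
            } catch (ClassNotFoundException e) {
                e.printStackTrace();
                return;
            }

            String sql = "insert into test.new_table(user_id,password) values(?,?)";
            String userId = "harry1";
            // NOTE(review): the demo stores the password as plain text. Real code
            // should store a salted password hash (bcrypt/scrypt/argon2) instead.
            String password = "123456";

            // try-with-resources closes the statement and the connection on every path.
            try (Connection con = DriverManager.getConnection(URL, USERNAME, PASSWORD)) {
                con.setAutoCommit(false);
                try (PreparedStatement insert = con.prepareStatement(sql)) {
                    insert.setString(1, userId);
                    insert.setString(2, password);

                    Savepoint svpt = con.setSavepoint();
                    int lines = insert.executeUpdate();
                    if (lines >= 1) {
                        System.out.println(lines);
                        // Undo only the work done since the savepoint; the savepoint
                        // itself stays valid and can still be released below.
                        con.rollback(svpt);
                    }

                    // Release before committing: savepoints become invalid once the
                    // transaction is committed or rolled back as a whole.
                    con.releaseSavepoint(svpt);
                    con.commit();
                } catch (SQLException e) {
                    // Do not leave a half-finished transaction open on failure.
                    try {
                        con.rollback();
                    } catch (SQLException rollbackFailure) {
                        e.addSuppressed(rollbackFailure);
                    }
                    throw e;
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }

    }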

  • 原文地址:https://www.cnblogs.com/earendil/p/4509667.html