zoukankan      html  css  js  c++  java

  • MySQL--05

    SQL注入问题

    package space.urbeautiful.utils;

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class Login {

    public static void main(String[] args) {
        log("' or ' 1=1","' or '1=1");
    }

    public static void log(String username,String password){
        Connection conn = null;
        Statement stat = null;
        ResultSet rs = null;
        try {
            conn = JdbcUtils.getConn();
            stat = conn.createStatement();
            String sql = "select * from userlogin where uname = '"+username+"' and password = '"+password+"'";
            rs = stat.executeQuery(sql);
            while(rs.next()){
             System.out.println(rs.getString("uname"));
             System.out.println(rs.getString("password"));
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }finally{
            JdbcUtils.release(conn,stat,rs);
        }
    }
}

    解决的办法就是不适用Statement 使用PrepareStatement  
  • 相关阅读:
    CentOS怎样强制卸载PHP以及自定义安装PHP
    HTMLparser 笔记
    linux如何查看CPU,内存,机器型号,网卡信息
    PC机做ISCSI存储服务器故障
    [ Python
    [ Python
    [ Python
    [ Python
    [ Python
    [ Python
  • 原文地址:https://www.cnblogs.com/jzspace/p/13053000.html
Copyright © 2011-2022 走看看