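package Test;

import org.junit.Test;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

/**
 * JDBC login demo showing how string-built SQL is open to SQL injection and how a
 * parameterized query closes the hole.
 *
 * <ul>
 *   <li>{@link #testUserLogin()} - login check with a concatenated query and benign input.</li>
 *   <li>{@link #testlogin_Inject()} - the same concatenated query with input that rewrites
 *       the WHERE clause.</li>
 *   <li>{@link #testLogin_PreparedStatement()} - the same input bound through
 *       {@link PreparedStatement} placeholders, where it stays plain data.</li>
 * </ul>
 *
 * All three tests need a local MySQL schema {@code test} with a {@code tb_user} table that
 * has {@code username} and {@code password} columns.
 */
public class JDBCdemo5_UserLogin {

    // Demo-only connection settings: local schema, TLS disabled (useSSL=false), the root
    // account and a literal password. Outside a throwaway lab the application should
    // connect over TLS with a least-privileged account whose credentials come from
    // configuration or a secret store, not from source code.
    private static final String URL = "jdbc:mysql:///test?useSSL=false";
    private static final String DB_USER = "root";
    private static final String DB_PASSWORD = "1234";

    /**
     * Demonstrates a user login with benign input.
     *
     * <p>The query is assembled by string concatenation, the pattern that
     * {@link #testlogin_Inject()} shows to be injectable. It is kept here as the baseline
     * for that demonstration; {@link #testLogin_PreparedStatement()} shows the form to use
     * in real code.
     *
     * @throws Exception if the connection or the query fails
     */
    @Test
    public void testUserLogin() throws Exception {
        // Explicit driver registration (Class.forName("com.mysql.jdbc.Driver")) is omitted;
        // JDBC 4+ drivers register themselves.

        // Stand-ins for the username and password a user would type in.
        String name = "zhangsan";
        String pwd = "123";

        // Injection sink: both values are spliced into the SQL text between quotes.
        String sql = " select * from tb_user where username='" + name
                + "' and password='" + pwd + "' ";

        // try-with-resources closes rs, stmt and conn in reverse order even when the query
        // throws; the original closed them only on the success path.
        try (Connection conn = DriverManager.getConnection(URL, DB_USER, DB_PASSWORD);
             Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery(sql)) {
            // Any returned row counts as a successful login.
            if (rs.next()) {
                System.out.println("登录成功");
            } else {
                System.out.println("登录失败");
            }
        }
    }

    /**
     * Demonstrates SQL injection against the concatenated login query.
     *
     * <p>With the password input {@code ' or '1' = '1} the statement becomes
     * <pre>
     * select * from tb_user where username='dawdsan' and password='' or '1' = '1'
     * </pre>
     * The input has changed the meaning of the predefined statement itself: AND binds
     * tighter than OR, so the condition reads
     * {@code (username='dawdsan' and password='') or '1' = '1'}, which holds for every row.
     * The login check then succeeds whenever the table is not empty, regardless of the
     * credentials supplied.
     *
     * @throws Exception if the connection or the query fails
     */
    @Test
    public void testlogin_Inject() throws Exception {
        // Explicit driver registration (Class.forName("com.mysql.jdbc.Driver")) is omitted;
        // JDBC 4+ drivers register themselves.

        // Stand-ins for user input; the password carries the quote-breaking text.
        String name = "dawdsan";
        String pwd = "' or '1' = '1";

        // Injection sink: the quote inside pwd ends the string literal early and the rest
        // of the input is parsed as SQL.
        String sql = " select * from tb_user where username='" + name
                + "' and password='" + pwd + "' ";
        // Printed so the rewritten statement is visible in the demo output. In real code a
        // query that embeds credentials should not be written to logs.
        System.out.println(sql);

        try (Connection conn = DriverManager.getConnection(URL, DB_USER, DB_PASSWORD);
             Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery(sql)) {
            // Any returned row counts as a successful login.
            if (rs.next()) {
                System.out.println("登录成功");
            } else {
                System.out.println("登录失败");
            }
        }
    }

    /**
     * Runs the input from {@link #testlogin_Inject()} through a parameterized query.
     *
     * <p>The SQL text is fixed and contains only {@code ?} placeholders; the values are
     * supplied with {@link PreparedStatement#setString(int, String)}, so the quote in the
     * password is handled as data and cannot alter the statement. The login is expected to
     * fail unless {@code tb_user} really holds a row with exactly these values.
     *
     * <p>NOTE(review): the query compares the {@code password} column with the supplied
     * value, which suggests the demo table stores passwords in plaintext. A production
     * schema would store a salted password hash (bcrypt, scrypt or argon2) and verify it
     * in application code.
     *
     * @throws Exception if the connection or the query fails
     */
    @Test
    public void testLogin_PreparedStatement() throws Exception {
        String name = "dawdsan";
        String pwd = "' or '1' = '1";

        String sql = "select * from tb_user where username = ? and password = ?";

        try (Connection conn = DriverManager.getConnection(URL, DB_USER, DB_PASSWORD);
             PreparedStatement pstmt = conn.prepareStatement(sql)) {
            pstmt.setString(1, name);
            pstmt.setString(2, pwd);
            try (ResultSet rs = pstmt.executeQuery()) {
                if (rs.next()) {
                    System.out.println("登录成功");
                } else {
                    System.out.println("登录失败");
                }
            }
        }
    }
}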