package com.mf.jdbc;
import org.junit.Test;
import java.sql.*;
/**
 * Login logic: the same username/password check done with a parameterized query (safe)
 * and with string-concatenated SQL (injection demo).
 */
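public class JDBCDemo1 {

    /**
     * Safe login check: the user-supplied values are bound with {@code setString},
     * so the injection payload held in {@code pwd} is compared as a literal string
     * and the lookup finds no row.
     *
     * <p>Fix over the previous version: all three JDBC resources are now closed by
     * try-with-resources, so they are released even when {@code executeQuery}
     * throws; before, the {@code close()} calls were only reached on the happy path.
     *
     * @throws Exception if the connection cannot be opened or the query fails
     */
    @Test
    public void testPrepareStatement() throws Exception {
        // useSSL=false disables TLS on the MySQL connection: acceptable for a local
        // demo, not for a database reachable over a network.
        String url = "jdbc:mysql:///test?useSSL=false";
        // Demo-only credentials. Real code loads them from configuration/secret
        // storage, never from source.
        String username = "root";
        String password = "123456";
        // Stand-ins for untrusted user input; pwd is a classic tautology payload.
        String name = "zhangsan";
        String pwd = "' or '1' = '1";
        // Placeholders keep the SQL text fixed; the driver sends the values separately.
        String sql = "select * from tb_user where username = ? and password = ?";
        try (Connection conn = DriverManager.getConnection(url, username, password);
             PreparedStatement pstmt = conn.prepareStatement(sql)) {
            pstmt.setString(1, name);
            pstmt.setString(2, pwd);
            try (ResultSet rs = pstmt.executeQuery()) {
                // NOTE(review): the query compares the password column directly, which
                // suggests plaintext password storage -- a real application stores a
                // salted hash (bcrypt/scrypt/argon2) and verifies it in application code.
                printLoginResult(rs.next());
            }
        }
    }

    /**
     * SQL injection demonstration: the same inputs are concatenated straight into
     * the SQL text, so {@code pwd} turns the WHERE clause into
     * {@code ... and password = '' or '1' = '1'}, a tautology, and the login
     * "succeeds" without a valid password.
     *
     * <p>Deliberately left vulnerable for teaching purposes. NEVER build SQL from
     * user input this way; use {@link #testPrepareStatement()} as the model. Note
     * that this method carries no {@code @Test} annotation, so it is presumably not
     * picked up by the JUnit runner.
     *
     * @throws Exception if the connection cannot be opened or the query fails
     */
    public void testLogin_inject() throws Exception {
        String url = "jdbc:mysql:///db1?useSSL=false";
        // Demo-only credentials (see testPrepareStatement).
        String username = "root";
        String password = "123456";
        // Stand-ins for untrusted user input.
        String name = "zegcxbdb";
        String pwd = "' or '1' = '1";
        // VULNERABLE: user input is interpolated into the query text.
        String sql = "select * from tb_user where username = '" + name + "' and password = '" + pwd + "'";
        try (Connection conn = DriverManager.getConnection(url, username, password);
             Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery(sql)) {
            printLoginResult(rs.next());
        }
    }

    /**
     * Prints the login outcome shared by both demos.
     *
     * @param found whether the query returned at least one row
     */
    private static void printLoginResult(boolean found) {
        System.out.println(found ? "登陆成功" : "登陆失败~");
    }
}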