PreparedStatement之安全问题
来源:互联网 发布:python帮助文档的使用 编辑:程序博客网 时间:2024/05/17 23:40
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import org.junit.Test;
public class TestByStatement {
private String name="ericdfhfhdfgd' or 1=1 -- ";
private String password="123456dfgdgd";
/*private String name="eric";
private String password="123456";*/
//@SuppressWarnings("null")
@Test
public void testStatement(){
Connection conn=null;
Statement stmt=null;
ResultSet rs=null;
conn=JDBCUtil.getConncetion();
//String sql="select * from users where name='eric' and password='123456'";
String sql="select * from users where name='"+name+"' and password='"+password+"'";
try {
stmt=conn.createStatement();
rs=stmt.executeQuery(sql);
if(rs.next()){
System.out.println("sucess login");
}else{
System.out.println("login fails");
}
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}finally{
JDBCUtil.close(conn, stmt, rs);
}
}
@Test
public void testPrepareStatement(){
Connection conn=null;
PreparedStatement stmt=null;
ResultSet rs=null;
conn=JDBCUtil.getConncetion();
//String sql="select * from users where name='eric' and password='123456'";
String sql="select * from users where name=? and password=?";
try {
stmt=conn.prepareStatement(sql);
stmt.setString(1,name);
stmt.setString(2,password);
rs=stmt.executeQuery();
if(rs.next()){
System.out.println("sucess login");
}else{
System.out.println("login fails");
}
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}finally{
JDBCUtil.close(conn, stmt, rs);
}
}
}
0 0
- PreparedStatement之安全问题
- JDBC基础教程之PreparedStatement
- JDBC基础教程之PreparedStatement
- JDBC 之 PreparedStatement 接口
- JDBC基础教程之PreparedStatement
- JDBC基础教程之PreparedStatement
- JDBC基础教程之PreparedStatement
- JDBC之PreparedStatement
- JDBC基础教程之PreparedStatement
- JDBC基础教程之PreparedStatement
- JDBC基础教程之PreparedStatement
- JAVA基础 之 PreparedStatement
- JDBC之PreparedStatement
- java学习之PreparedStatement
- Java JDBC 之 PreparedStatement
- JDBC之PreparedStatement
- 数据库优化之PreparedStatement
- JDBC之PreparedStatement
- windows免密码登陆sftp
- 用vi修改文件,保存文件时,提示“readonly option is set”的解决方法。
- JDBC 之 连接DataBase
- 图论学习心得
- 求“最大连续段和”题目分析
- PreparedStatement之安全问题
- jdb编程
- 怎样使用SharedPrefences来存储对象
- $scope.$wtach 监听ionic滑动盒子索引值失效原因
- JDBC连接关闭之工具类
- hdoj 2072 单词数 (map)
- objective-c的NSMutableDictionary增改删测试
- golang 读取execl数据
- 【php中的curl】php中curl的详细解说