JDBC 操作 MySQL 資料庫(防止注入攻擊版本)
阿新 • • 發佈:2019-02-20
package TestJDBC;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
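/**
 * Minimal JDBC login demo against a local MySQL database, written to show how
 * parameter binding with {@link PreparedStatement} keeps user input out of the
 * SQL text.
 *
 * <p>Demo-only shortcuts a reviewer would flag before reuse:
 * <ul>
 *   <li>The database account and password are hard-coded and the account is
 *       {@code root}; real code should load credentials from configuration and
 *       connect with an account limited to the rights this query needs.</li>
 *   <li>The password is matched inside the SQL predicate, which only works if
 *       the {@code user} table stores it as-is. A production schema should store
 *       a salted, slow password hash (bcrypt/scrypt/argon2) and verify it in
 *       application code.</li>
 *   <li>Failures are printed with {@code printStackTrace()}; a real service
 *       should log them server-side and never show them to the caller.</li>
 * </ul>
 */
public class SQLDemo {

    /**
     * Runs one login attempt with fixed sample credentials.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        SQLDemo demo = new SQLDemo();
        // Regression input for the injection case: because both values are bound
        // as parameters, the quotes and the "or" stay literal data and the query
        // looks for a user literally named a' or 'a'='a, so the login must fail.
        //demo.login("a' or 'a'='a", "a' or 'a'='a");
        demo.login("zs", "zs");
    }

    /**
     * Opens a new connection to the {@code web08} database on localhost.
     *
     * @return a new open connection; the caller is responsible for closing it
     * @throws Exception if the driver class cannot be loaded or the connection fails
     */
    public static Connection getConnection() throws Exception {
        // Legacy Connector/J driver class name; newer driver releases expose
        // com.mysql.cj.jdbc.Driver instead.
        Class.forName("com.mysql.jdbc.Driver");
        String url = "jdbc:mysql://localhost:3306/web08";
        // NOTE(review): hard-coded root/root is acceptable only for a local demo.
        return DriverManager.getConnection(url, "root", "root");
    }

    /**
     * Looks up a row matching both values and prints a greeting or a failure
     * message. Any exception is printed and swallowed, so this method never throws.
     *
     * @param username value bound to the first placeholder
     * @param password value bound to the second placeholder
     */
    public void login(String username, String password) {
        // The SQL text is a constant; user input is supplied only through the
        // two placeholders and never concatenated into the statement.
        String sql = "select * from user where username=? and password=?";

        // try-with-resources closes each resource independently and in reverse
        // order. The original single finally block stopped at the first close()
        // that threw, which could leave the statement and connection open.
        try (Connection conn = getConnection();
             PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) {
                    System.out.println("歡迎:" + rs.getString("username"));
                } else {
                    // One message for both "no such user" and "wrong password",
                    // so the output does not reveal which usernames exist.
                    System.out.println("使用者名稱或密碼錯誤");
                }
            }
        } catch (Exception e) {
            // Best-effort demo behaviour kept from the original: report and continue.
            e.printStackTrace();
        }
    }
}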