MySQL_(Java)使用JDBC向數據庫發起查詢請求 傳送門html
MySQL_(Java)使用JDBC建立用戶名和密碼校驗查詢方法 傳送門java
MySQL數據庫中的數據：數據庫名 garysql，表名 garytb，數據庫中存在的用戶表
存在 SQL 注入問題
使用 PreparedStatement 作查詢語句時可解決 SQL 注入的問題
pstmt.setString(1, username) 將 username 作爲一個參數值傳入到 "where username = ?" 的問號中
// Excerpt from selectByUP2: the two user-supplied strings are bound to the '?' placeholders,
// so they are sent to the server as values and never become part of the SQL text.
String sql = "select * from garytb where username = ? and password = ?";
PreparedStatement pstmt = con.prepareStatement(sql);
// bind the parameters (1-based positions)
pstmt.setString(1, username);
pstmt.setString(2, password);
// run the query
rs = pstmt.executeQuery();
if(rs.next()) {
    return true;
}else {
    return false;
}
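import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * JDBC demo against the local MySQL database {@code garysql} (table {@code garytb}).
 *
 * <p>Two login-check methods are kept side by side on purpose: {@link #selectByUernamePassword}
 * builds its SQL by string concatenation and is therefore open to SQL injection, while
 * {@link #selectByUP2} binds the same values through a {@link PreparedStatement}. The first
 * exists only to show the problem; only the second is usable in real code.
 *
 * <p>Every method opens its own connection, closes all JDBC resources via try-with-resources,
 * and reports driver/database errors on stderr (best-effort demo behaviour).
 */
public class JDBC01 {

    /** JDBC URL; the query string forces UTF-8 and disables SSL for the local demo database. */
    private static final String URL =
            "jdbc:mysql://localhost:3306/garysql?useUnicode=true&characterEncoding=UTF8&useSSL=false";
    // Credentials are hard-coded only because this is a local tutorial; real code reads them
    // from configuration or a secret store, never from source control.
    private static final String DB_USER = "root";
    private static final String DB_PASSWORD = "123456";
    /** Legacy (pre-JDBC 4) driver class name, loaded explicitly for older Connector/J jars. */
    private static final String DRIVER = "com.mysql.jdbc.Driver";

    /**
     * Runs the same crafted password against both lookups. The concatenated query is rewritten
     * by the quote in the input and can match a row; the parameterised query treats the whole
     * string as a literal password value.
     */
    public static void main(String[] args) throws SQLException {
        //selectAll();
        // vulnerable: input becomes SQL
        System.out.println(selectByUernamePassword("Garyyyyar", "nihao' or '1'='1"));
        // safe: input is bound as a value
        System.out.println(selectByUP2("Garyyyyar", "nihao' or '1'='1"));
    }

    /**
     * Loads the driver and opens a connection to the demo database.
     *
     * @throws ClassNotFoundException if the driver class is not on the classpath
     * @throws SQLException if the connection cannot be established
     */
    private static Connection openConnection() throws ClassNotFoundException, SQLException {
        Class.forName(DRIVER);
        return DriverManager.getConnection(URL, DB_USER, DB_PASSWORD);
    }

    /**
     * Prints every row of {@code garytb} as {@code id,username,password}.
     *
     * <p>Demo only: the table stores passwords in clear text and this dumps them to stdout,
     * which is not acceptable outside a tutorial.
     *
     * @throws SQLException kept on the signature for compatibility; errors inside the query are
     *     caught and printed rather than propagated
     */
    public static void selectAll() throws SQLException {
        try (Connection con = openConnection();
             Statement stmt = con.createStatement();
             ResultSet rs = stmt.executeQuery("select * from garytb")) {
            while (rs.next()) {
                System.out.println(rs.getString("id") + "," + rs.getString("username") + ","
                        + rs.getString("password"));
            }
        } catch (ClassNotFoundException | SQLException e) {
            // Best-effort demo: report and return, as the original did.
            e.printStackTrace();
        }
    }

    /**
     * INTENTIONALLY VULNERABLE — demonstration only, do not copy.
     *
     * <p>The username and password are concatenated into the SQL text, so a single quote in
     * either value changes the query itself (see {@link #main}). Kept only to contrast with
     * {@link #selectByUP2}.
     *
     * @param username value spliced into the {@code username = '...'} clause
     * @param password value spliced into the {@code password = '...'} clause
     * @return {@code true} if the resulting query matched at least one row; {@code false} if it
     *     matched nothing or a driver/database error occurred
     * @throws SQLException kept on the signature for compatibility
     */
    public static boolean selectByUernamePassword(String username, String password)
            throws SQLException {
        // Inputs become part of the statement text: this is the injection point.
        String sql = "select * from garytb where username = '" + username
                + "' and password = '" + password + "'";
        try (Connection con = openConnection();
             Statement stmt = con.createStatement();
             ResultSet rs = stmt.executeQuery(sql)) {
            return rs.next();
        } catch (ClassNotFoundException | SQLException e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Checks whether a row with exactly this username and password exists, using bound
     * parameters so the inputs can never alter the SQL.
     *
     * <p>Note that the table still stores and compares passwords in clear text inside the
     * database; that is a separate problem this tutorial does not address.
     *
     * @param username bound to the first {@code ?}
     * @param password bound to the second {@code ?}
     * @return {@code true} if a matching row exists; {@code false} if none does or a
     *     driver/database error occurred
     * @throws SQLException kept on the signature for compatibility
     */
    public static boolean selectByUP2(String username, String password) throws SQLException {
        String sql = "select * from garytb where username = ? and password = ?";
        // The PreparedStatement is now closed too; the original leaked it.
        try (Connection con = openConnection();
             PreparedStatement pstmt = con.prepareStatement(sql)) {
            // Bound parameters are sent as values, never spliced into the statement text.
            pstmt.setString(1, username);
            pstmt.setString(2, password);
            try (ResultSet rs = pstmt.executeQuery()) {
                return rs.next();
            }
        } catch (ClassNotFoundException | SQLException e) {
            e.printStackTrace();
            return false;
        }
    }
}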
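/**
 * Checks whether a row with exactly this username and password exists, using bound
 * parameters so the inputs can never alter the SQL.
 *
 * <p>All three JDBC resources are closed by try-with-resources; the original version never
 * closed the {@link PreparedStatement}. Credentials are hard-coded only because this is a
 * local tutorial.
 *
 * @param username bound to the first {@code ?}
 * @param password bound to the second {@code ?}
 * @return {@code true} if a matching row exists; {@code false} if none does or a
 *     driver/database error occurred
 * @throws SQLException kept on the signature for compatibility
 */
public static boolean selectByUP2(String username, String password) throws SQLException {
    String url = "jdbc:mysql://localhost:3306/garysql?useUnicode=true&characterEncoding=UTF8&useSSL=false";
    String sql = "select * from garytb where username = ? and password = ?";
    try {
        // Legacy (pre-JDBC 4) driver registration.
        Class.forName("com.mysql.jdbc.Driver");
    } catch (ClassNotFoundException e) {
        e.printStackTrace();
        return false;
    }
    try (Connection con = DriverManager.getConnection(url, "root", "123456");
         PreparedStatement pstmt = con.prepareStatement(sql)) {
        // Bound parameters are sent as values, never spliced into the statement text.
        pstmt.setString(1, username);
        pstmt.setString(2, password);
        try (ResultSet rs = pstmt.executeQuery()) {
            return rs.next();
        }
    } catch (SQLException e) {
        // Best-effort demo: report and return false, as the original did.
        e.printStackTrace();
        return false;
    }
}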