SQL注入

SQL注入

SQL存在漏洞,会被攻击导致数据泄露,

 

package com.shushu.lesson;
?
import com.shushu.lesson.utils.JDBCUtils;
?
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
?
public class lesson1 {
   public static void main(String[] args) throws SQLException {
       // login("zhangsan","123456");
       // username等于空 或者 1=1(为true)
       login("‘or ‘1=1","‘or‘1=1");
  }
   public static void login(String username,String password) throws SQLException {
       Connection conn = null;
       Statement st = null;
       ResultSet rs = null;
       conn = JDBCUtils.getConnection();
       st = conn.createStatement();
       String sql = "SELECT * FROM `users` WHERE `name`=‘"+username+"‘ AND `password`=‘"+password+"‘";
       rs = st.executeQuery(sql);
       while (rs.next()){
           System.out.println("name="+rs.getString("name"));
           System.out.println("password"+rs.getString("password"));
      }
       JDBCUtils.release(conn,st,rs);
  }
}
?

 

SQL注入

上一篇:如何在Java中选择Map/List/Set


下一篇:图片旋转 90、180、270