SQL存在漏洞,会被攻击导致数据泄露,
package com.shushu.lesson;
?
import com.shushu.lesson.utils.JDBCUtils;
?
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
?
public class lesson1 {
public static void main(String[] args) throws SQLException {
// login("zhangsan","123456");
// username等于空 或者 1=1(为true)
login("‘or ‘1=1","‘or‘1=1");
}
public static void login(String username,String password) throws SQLException {
Connection conn = null;
Statement st = null;
ResultSet rs = null;
conn = JDBCUtils.getConnection();
st = conn.createStatement();
String sql = "SELECT * FROM `users` WHERE `name`=‘"+username+"‘ AND `password`=‘"+password+"‘";
rs = st.executeQuery(sql);
while (rs.next()){
System.out.println("name="+rs.getString("name"));
System.out.println("password"+rs.getString("password"));
}
JDBCUtils.release(conn,st,rs);
}
}
?