package com.dxm;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import com.sun.java_cup.internal.runtime.Scanner;
public class JDBCDemo2 {
public static void main(String[] args) throws ClassNotFoundException, SQLException {
// TODO Auto-generated method stub
Class.forName("com.mysql.jdbc.Driver");
String url = "jdbc:mysql://localhost:3306/mybase";
String user="root";
String password="1234";
Connection connection = DriverManager.getConnection(url, user, password);
java.util.Scanner scanner = new java.util.Scanner(System.in);
System.out.println("Please Input username");
String name = scanner.next(); //aaa
System.out.println("Please Input password");
String pass = scanner.next();//bbb'OR'1=1
String sql="SELECT * FROM users WHERE username=? AND PASSWORD=?";
PreparedStatement prepareStatement = connection.prepareStatement(sql);
prepareStatement.setObject(1, name);
prepareStatement.setObject(2, pass);
ResultSet resultSet = prepareStatement.executeQuery();
System.out.println("username password");
while (resultSet.next()) {
System.out.println(resultSet.getString("username")+" "+resultSet.getString("password"));
}
resultSet.close();
prepareStatement.close();
connection.close();
}
}
最后
以上就是甜蜜汉堡最近收集整理的关于JAVA-使用PrepareStatement避免SQL注入的全部内容,更多相关JAVA-使用PrepareStatement避免SQL注入内容请搜索靠谱客的其他文章。
发表评论 取消回复