概述
package com.dxm;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import com.sun.java_cup.internal.runtime.Scanner;
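/**
 * Console demo of querying a {@code users} table through a
 * {@link PreparedStatement} instead of a string-concatenated query.
 *
 * <p>The SQL text is fixed and contains two {@code ?} placeholders. The values
 * typed by the user are bound to those placeholders as data, so quote
 * characters or SQL keywords inside the input are compared literally against
 * the column values and cannot change the structure of the statement.
 */
public class JDBCDemo2 {
    /**
     * Prompts for a username and a password, looks up matching rows in
     * {@code users}, and prints them.
     *
     * @param args unused
     * @throws ClassNotFoundException if the MySQL driver class is not on the classpath
     * @throws SQLException if connecting, preparing or executing the query fails
     */
    public static void main(String[] args) throws ClassNotFoundException, SQLException {
        // Explicit loading is only required by pre-JDBC-4 drivers. Connector/J 8+
        // registers itself automatically and names its class com.mysql.cj.jdbc.Driver.
        Class.forName("com.mysql.jdbc.Driver");

        // Demo-only settings: a real application should not connect as root and
        // should read credentials from configuration or a secret store, not source.
        String url = "jdbc:mysql://localhost:3306/mybase";
        String user = "root";
        String password = "1234";

        // The statement text is a constant; user input is never spliced into it.
        String sql = "SELECT * FROM users WHERE username=? AND PASSWORD=?";

        // try-with-resources closes the ResultSet, statement and connection in
        // reverse order even when an SQLException is thrown part-way through
        // (the original closed them only on the success path).
        try (Connection connection = DriverManager.getConnection(url, user, password)) {
            // Not closed on purpose: closing the Scanner would also close System.in.
            java.util.Scanner scanner = new java.util.Scanner(System.in);

            System.out.println("Please Input username");
            String name = scanner.next(); // e.g. aaa (next() reads one whitespace-delimited token)
            System.out.println("Please Input password");
            // e.g. bbb'OR'1=1 : with a bound parameter this is just an odd password
            // string that matches no row, not part of the WHERE clause.
            String pass = scanner.next();

            try (PreparedStatement prepareStatement = connection.prepareStatement(sql)) {
                // setString states the intended SQL type explicitly; both inputs are text.
                prepareStatement.setString(1, name);
                prepareStatement.setString(2, pass);

                try (ResultSet resultSet = prepareStatement.executeQuery()) {
                    System.out.println("username password");
                    // NOTE(review): the query compares raw input with the PASSWORD
                    // column and this loop echoes that column, which implies
                    // clear-text password storage. Acceptable for a demo only;
                    // production code stores a salted password hash
                    // (bcrypt/scrypt/argon2) and never prints it.
                    while (resultSet.next()) {
                        System.out.println(
                                resultSet.getString("username") + " " + resultSet.getString("password"));
                    }
                }
            }
        }
    }
}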
最后
以上就是甜蜜汉堡为你收集整理的JAVA-使用PreparedStatement避免SQL注入的全部内容,希望文章能够帮你解决JAVA-使用PreparedStatement避免SQL注入所遇到的程序开发问题。