标签：varchar   res   查询   sele   成功   失败   ati   sql注入   lan   

sql注入(登录查询数据库)

• 通过一个登录案例模拟 创建一个用户表用来模拟用户登录信息  create table login(id int,name varchar(20),pwd varchar(20));

• insert into login values(1,’abc’,’123’); 
  insert into login values(2,’abcd’,’1234’); 

   

• 模拟登录 

• select * from login where name=’abc’ and pwd=’123’ 
  select * from login where name=’abc’or’1==1’ and pwd=’123dhdhdhdhdhd’ 
  select * from login where name= ‘abc\’or\’1==1’ and pwd= ‘123dhdhdhdhdhd’ 

   

• 代码实现:

•     public static void loginIn(String name, String pwd) throws Exception {
          DriverManager.registerDriver(new Driver());
          Connection conn = DriverManager.getConnection("jdbc:mysql://**.***.**.***:3306/ngyb", "root", "123456");
          String sql = "select * from login where name = ? and pwd =?";
          PreparedStatement prepareStatement = conn.prepareStatement(sql);
          prepareStatement.setString(1, name);
          prepareStatement.setString(2, pwd);
          ResultSet resultSet = prepareStatement.executeQuery();
          if (resultSet.next()) {
              System.out.println("登录成功");
          } else {
              System.out.println("登录失败");
          }
          resultSet.close();
          prepareStatement.close();
          conn.close();
      }
  }

   

sql注入

标签：varchar   res   查询   sele   成功   失败   ati   sql注入   lan   

原文地址：https://www.cnblogs.com/nangongyibin/p/10200572.html