MySQL_(Java)使用JDBC创建用户名和密码校验查询方法
MySQL_(Java)使用JDBC向数据库发起查询请求 传送门
MySQL数据库中的数据,数据库名garysql,表名garytb,数据库中存在的用户表
通过JDBC对MySQL中的数据用户名和密码校验查询,当数据库中存在该用户且账号密码相匹配,则返回true,否则返回false
import java.sql.Connection; import java.sql.DriverManager; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; public class JDBC01 { public static void main(String[] args) throws SQLException { //selectAll(); System.out.println(selectByUernamePassword("Gary","123")); } public static void selectAll() throws SQLException { //注册驱动 使用驱动连接数据库 Connection con = null; Statement stmt = null; ResultSet rs = null; try { Class.forName("com.mysql.jdbc.Driver"); //String url ="jdbc:mysql://localhost:3306/garysql"; //指定编码查询数据库 String url ="jdbc:mysql://localhost:3306/garysql?useUnicode=true&characterEncoding=UTF8&useSSL=false"; String user = "root"; String password = "123456"; //建立和数据库的连接 con = DriverManager.getConnection(url,user,password); //数据库的增删改查 stmt = con.createStatement(); //返回一个结果集 rs =stmt.executeQuery("select * from garytb"); while(rs.next()) { //System.out.println(rs.getString(1)+","+rs.getString(2)+","+rs.getString(3)); System.out.println(rs.getString("id")+","+rs.getString("username")+","+rs.getString("password")); } } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); }finally { if(rs!=null) rs.close(); if(stmt!=null) stmt.close(); if(con!=null) con.close(); } } public static boolean selectByUernamePassword(String username,String password) throws SQLException { Connection con=null; Statement stmt = null; ResultSet rs = null; try { Class.forName("com.mysql.jdbc.Driver"); String url ="jdbc:mysql://localhost:3306/garysql?useUnicode=true&characterEncoding=UTF8&useSSL=false"; con = DriverManager.getConnection(url,"root","123456"); stmt =con.createStatement(); String sql = "select * from garytb where username = '"+username+"' and password = '"+password+"'"; rs = stmt.executeQuery(sql); if(rs.next()) { return true; }else { return false; } } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); }finally { if(rs!=null) rs.close(); if(stmt!=null) stmt.close(); if(con!=null) con.close(); } return false; } }
注意:直接使用该字符串对数据库信息查询时会产生sql注入的危险
String sql = "select * from garytb where username = '"+username+"' and password = '"+password+"'";
//校验用户 public static boolean selectByUernamePassword(String username,String password) throws SQLException { Connection con=null; Statement stmt = null; ResultSet rs = null; try { Class.forName("com.mysql.jdbc.Driver"); String url ="jdbc:mysql://localhost:3306/garysql?useUnicode=true&characterEncoding=UTF8&useSSL=false"; con = DriverManager.getConnection(url,"root","123456"); stmt =con.createStatement(); String sql = "select * from garytb where username = '"+username+"' and password = '"+password+"'"; //System.out.println(sql); rs = stmt.executeQuery(sql); if(rs.next()) { return true; }else { return false; } } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); }finally { if(rs!=null) rs.close(); if(stmt!=null) stmt.close(); if(con!=null) con.close(); } return false; }
我们可以在selectByUernamePassword(String username,String password)方法中输出该SQL语句
发现or后半段的条件永远是成立的!
解决此方法可查看我的另一篇博文 使用preparestatement解决SQL注入的问题 传送门
(如需转载学习,请标明出处)
