
JSP SQL注入--破法

1.JS验证拦截

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
    // Absolute URL prefix for the <base> tag below, in the shape
    // scheme://host:port/context/ (constructed example; real values come from the request).
    // NOTE(review): getServerName()/getServerPort() are read from the incoming request
    // (typically the Host header); behind a reverse proxy, confirm the proxy normalizes
    // that header before the value is echoed into an emitted URL.
    String path = request.getContextPath();
    StringBuilder urlPrefix = new StringBuilder();
    urlPrefix.append(request.getScheme())
            .append("://")
            .append(request.getServerName())
            .append(':')
            .append(request.getServerPort())
            .append(path)
            .append('/');
    String basePath = urlPrefix.toString();
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">

<title>Login</title>

<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<script>
    // 用户名,密码验证
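    // Client-side pre-check of the two login fields. It only spares the server an
    // obviously malformed request: the client can disable or bypass this script, so
    // the same format rule has to be enforced again in servlet/Login.
    // Returns true to let the form submit, false to block it and warn the user.
    function checkInput() {
        var vUserName = document.getElementById("UserName").value;
        var vPwd = document.getElementById("Pwd").value;

        // 4-6 ASCII letters or digits, anchored at both ends so nothing else passes.
        // NOTE(review): this is a format check, not a strength policy; a 4-6 character
        // alphanumeric password limit is very weak.
        var regExp = /^[a-zA-Z0-9]{4,6}$/;

        // Both fields must match. The original used ||, which accepted the form as soon
        // as either field alone was well-formed, leaving the other one unchecked.
        if (vUserName.match(regExp) != null && vPwd.match(regExp) != null) {
            return true;
        }
        alert("用户名或密码不正确");
        return false;
    }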
</script>
</head>

<body>
    <form method="POST" action="servlet/Login"
        onsubmit="return checkInput()">
        用户名: <input type="text" name="UserName" id="UserName" value="">
        <BR> 密 码: <input type="password" name="Pwd" id="Pwd"> <BR>
        <input type="submit">
    </form>
</body>
</html>

 2.使用PreparedStatement

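    /**
     * Checks whether a user row exists for the given name and password.
     *
     * <p>Both values are bound as {@link PreparedStatement} parameters, so the text
     * submitted by the login form is never spliced into the SQL string; that is the
     * injection countermeasure this example demonstrates. {@code con} is assumed to
     * be an open {@code Connection} held by the enclosing class (not visible here).
     *
     * <p>NOTE(review): the query compares the submitted password with the stored
     * column value directly, which only works if the column holds the password as
     * entered. Verifying a salted hash (bcrypt/scrypt/argon2) in application code is
     * the stronger design; the table schema is not visible here.
     *
     * @param myName user name as submitted by the form
     * @param pwd    password as submitted by the form
     * @return {@code true} if a matching row exists; {@code false} otherwise, and also
     *         when the query fails (the method fails closed)
     */
    static boolean doLogin(String myName, String pwd) {
        boolean bRet = false;

        // try-with-resources closes the statement and the result set even when
        // executeQuery() throws; the original only closed the statement on success
        // and never closed the result set.
        try (PreparedStatement psta = con
                .prepareStatement("SELECT Pwd FROM [USER] WHERE UserName = ? AND Pwd = ?")) {
            psta.setString(1, myName);
            // Was setString(1, pwd): the password overwrote the user name and
            // parameter 2 was never bound, so the query could not run as intended.
            psta.setString(2, pwd);
            try (ResultSet ret = psta.executeQuery()) {
                bRet = ret.next();
            }
        } catch (SQLException e) {
            // Fail closed: any database error counts as a failed login. In a real
            // application route this to the logger instead of stderr, and never log
            // the submitted credentials.
            e.printStackTrace();
        }
        return bRet;
    }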

 
