JSP SQL注入--破法
1.JS验证拦截
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <% String path = request.getContextPath(); String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/"; %> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <base href="<%=basePath%>"> <title>Login</title> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> <meta http-equiv="description" content="This is my page"> <script> // 用户名,密码验证 function checkInput() { var vUserName = document.getElementById("UserName").value; var vPwd = document.getElementById("Pwd").value; var regExp = /^[a-zA-Z0-9]{4,6}$/; if (vUserName.match(regExp) != null || vPwd.match(regExp) != null) { return true; } alert("用户名或密码不正确"); return false; } </script> </head> <body> <form method="POST" action="servlet/Login" onsubmit="return checkInput()"> 用户名: <input type="text" name="UserName" id="UserName" value=""> <BR> 密 码: <input type="password" name="Pwd" id="Pwd"> <BR> <input type="submit"> </form> </body> </html>
2.使用PreparedStatement
static boolean doLogin(String myName, String pwd) { String strPwdFromDb = ""; boolean bRet = false; try { PreparedStatement psta = con .prepareStatement("SELECT Pwd FROM [USER] WHERE UserName = ? AND Pwd = ?"); psta.setString(1, myName); psta.setString(1, pwd); ResultSet ret = psta.executeQuery(); if (ret.next()) { bRet = true; } psta.close(); return bRet; } catch (SQLException e) { e.printStackTrace(); } return bRet; }