防止sql注入方法 如何防止java中将MySQL的数据库验证密码加上 ' or '1'= '1 就可以出现万能密码 的PreparedStatement
package com.swift; import java.sql.Connection; import java.sql.DriverManager; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; public class LoginJDBC$PreparedStatement { public static void main(String[] args) { User userZhangsan=new User("swift","123456' or '1'='1"); if(login(userZhangsan)) { System.out.println("账号密码正确,登陆成功"); }else { System.out.println("登陆失败"); } } private static boolean login(User userZhangsan) { Connection conn=null; PreparedStatement ps=null; ResultSet rs=null; try { //1、装载驱动 Class.forName("com.mysql.jdbc.Driver"); } catch (ClassNotFoundException e) { e.printStackTrace(); } try { //2、链接数据库,使用com.mysql.jdbc.Connection包会出错 conn=DriverManager.getConnection("jdbc:mysql://localhost:3306/sw_database?user=root&password=root"); //3、创建连接语句 ps=conn.prepareStatement("select * from sw_user where username='"+userZhangsan.getUsername()+"' and password='"+userZhangsan.getPassword()+"'"); //4、执行SQL语句获得结果集 rs=ps.executeQuery(); if(rs.next()) { return true; } } catch (SQLException e) { e.printStackTrace(); }finally { //关闭结果集 try { if(rs!=null) { rs.close(); } } catch (SQLException e) { // TODO Auto-generated catch block e.printStackTrace(); } //关闭连接语句 try { if(ps!=null) { ps.close(); } } catch (SQLException e) { // TODO Auto-generated catch block e.printStackTrace(); } //关闭数据库连接 try { if(conn!=null) { conn.close(); } } catch (SQLException e) { // TODO Auto-generated catch block e.printStackTrace(); } } return false; } }
上面代码中的sql语句通过字符串连接的方式,虽然已经使用了PreparedStatement,但依然不能防止注入,因为字符串连接可以加入'or '1'='1
ps=conn.prepareStatement("select * from sw_user where username='"+userZhangsan.getUsername()+"' and password='"+userZhangsan.getPassword()+"'");
将上面sql语句变为 select * from sw_user where username=? and password=?
就不存在字符串连接,password 加上其他字符sql也无法执行
所以代码修改如下:
package com.swift; import java.sql.Connection; import java.sql.DriverManager; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; public class LoginJDBC$PreparedStatement2 { public static void main(String[] args) { User userSwift=new User("zhangsan","123456"); if(login(userSwift)) { System.out.println("账号密码正确,登陆成功"); }else { System.out.println("登陆失败"); } } private static boolean login(User userSwift) { Connection conn=null; PreparedStatement ps=null; ResultSet rs=null; try { //1、装载驱动 Class.forName("com.mysql.jdbc.Driver"); } catch (ClassNotFoundException e) { e.printStackTrace(); } try { //2、链接数据库,使用com.mysql.jdbc.Connection包会出错 conn=DriverManager.getConnection("jdbc:mysql://localhost:3306/sw_database?user=root&password=root"); //3、创建连接语句 ps=conn.prepareStatement("select * from sw_user where username=? and password=?"); ps.setString(1, userSwift.getUsername()); ps.setString(2, userSwift.getPassword()); //4、执行SQL语句获得结果集 rs=ps.executeQuery(); if(rs.next()) { return true; } } catch (SQLException e) { e.printStackTrace(); }finally { //关闭结果集 try { if(rs!=null) { rs.close(); } } catch (SQLException e) { // TODO Auto-generated catch block e.printStackTrace(); } //关闭连接语句 try { if(ps!=null) { ps.close(); } } catch (SQLException e) { // TODO Auto-generated catch block e.printStackTrace(); } //关闭数据库连接 try { if(conn!=null) { conn.close(); } } catch (SQLException e) { // TODO Auto-generated catch block e.printStackTrace(); } } return false; } }
Never waste time any more, Never old man be a yong man