java sql 注入 与防范
1.注入
2 .预防
package com.jdbc; import java.sql.*; import java.util.Scanner; public class loginDemo { public static void main(String[] args)throws ClassNotFoundException, SQLException { //1.注册驱动 Class.forName("com.mysql.jdbc.Driver"); //2.连接 String url = "jdbc:mysql://localhost:3306/zfj"; String username = "root"; String password = "root"; Connection con = DriverManager.getConnection(url,username,password); //3.语句执行对象 (执行sql) 返回值 Statement //Statement stat = con.createStatement(); Scanner sc = new Scanner(System.in); String user = sc.nextLine(); String pas = sc.nextLine(); //4.执行sql 查询 select String sql = "SELECT * FROM user where user_name= ? AND user_sex=?"; //防止注入 PreparedStatement pst = con.prepareStatement(sql); pst.setObject(1,user); pst.setObject(2,pas); System.out.println(sql); ResultSet rs = pst.executeQuery(); //处理结果集 while (rs.next()){ //获取每列的的数据 System.out.println(rs.getString("id")+" "+rs.getString("user_name")+" "+rs.getString("user_age")+" "+rs.getString("user_sex")); } //5.释放资源 rs.close(); pst.close(); con.close(); } }