package mysql;
/*
-
java程序实现用户登录,用户名和密码,数据库检查
-
演示被别人注入攻击
*/
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Scanner;
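public class JDBCDEMO2 {
    /**
     * Reads a username and a password from standard input and checks them
     * against the {@code user} table of the local {@code mybase} MySQL database,
     * printing the matching username(s).
     *
     * <p>The original version built the query text by concatenating the two
     * input strings into the SQL, so a crafted input could change the meaning of
     * the statement (SQL injection). Binding the values through a
     * {@link PreparedStatement} keeps the input strictly as data. The original
     * also did not compile ({@code system.in}, a malformed JDBC URL, misplaced
     * parentheses in the {@code println}) and leaked the connection and
     * statement when {@code executeQuery} threw; try-with-resources closes them
     * on every path.
     *
     * @param args ignored
     * @throws Exception if the driver class cannot be loaded or a database error occurs
     */
    public static void main(String[] args) throws Exception {
        Class.forName("com.mysql.jdbc.Driver");

        // Not closed on purpose: closing a Scanner over System.in closes stdin for the process.
        Scanner sc = new Scanner(System.in);
        String user = sc.nextLine();
        String pass = sc.nextLine();

        // The typed password is compared directly with the PASSWORD column, which implies
        // the table stores it in plaintext — NOTE(review): confirm; hashing is out of scope here.
        String sql = "SELECT * FROM user WHERE username = ? AND PASSWORD = ?";

        // Hard-coded root/root credentials are only acceptable for a local demo database.
        try (Connection con = DriverManager.getConnection(
                     "jdbc:mysql://localhost:3306/mybase", "root", "root");
             PreparedStatement stat = con.prepareStatement(sql)) {
            stat.setString(1, user);
            stat.setString(2, pass);
            try (ResultSet rs = stat.executeQuery()) {
                while (rs.next()) {
                    // Only the username is echoed; printing the password column
                    // would write a credential to stdout/logs.
                    System.out.println(rs.getString("username"));
                }
            }
        }
    }
}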
import com.alibaba.druid.pool.DruidDataSourceFactory;
import javax.sql.DataSource;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Properties;
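/**
 * JDBCUtils: database connection helper backed by a Druid connection pool.
 *
 * <p>The pool is configured once, in the static initializer, from
 * {@code Druid.properties} on the classpath. That file presumably carries the
 * JDBC URL and the database credentials, so it should be handled as a secret
 * (kept out of version control, readable only by the application). If loading
 * fails the data source stays {@code null} and {@link #getConnection()} reports
 * that with a clear {@link SQLException} instead of a bare
 * {@code NullPointerException}.
 *
 * @author Mollen
 * @since 2018-09-23
 */
public class JDBCUtils {
    /** Classpath resource holding the Druid pool configuration. */
    private static final String CONFIG_RESOURCE = "Druid.properties";

    /** Pooled data source; {@code null} when the static initializer failed. */
    private static DataSource ds;

    static {
        // try-with-resources: the original never closed the resource stream.
        try (java.io.InputStream in =
                     JDBCUtils.class.getClassLoader().getResourceAsStream(CONFIG_RESOURCE)) {
            if (in == null) {
                // Properties.load(null) would fail with an uninformative NullPointerException.
                throw new IOException(CONFIG_RESOURCE + " not found on the classpath");
            }
            Properties pro = new Properties();
            pro.load(in);
            ds = DruidDataSourceFactory.createDataSource(pro);
        } catch (Exception e) {
            // createDataSource declares a bare Exception, so one catch covers both the
            // I/O and the pool-creation failure. The original deliberately logged and
            // continued (no ExceptionInInitializerError); that choice is kept.
            e.printStackTrace();
        }
    }

    /**
     * Returns the pooled data source.
     *
     * @return the data source, or {@code null} if initialization failed
     */
    public static DataSource getDatasource() {
        return ds;
    }

    /**
     * Borrows a connection from the pool.
     *
     * @return a pooled {@link Connection}; the caller must close it
     * @throws SQLException if the pool was never initialized or cannot hand out a connection
     */
    public static Connection getConnection() throws SQLException {
        if (ds == null) {
            throw new SQLException(
                    "DataSource is not initialised; check " + CONFIG_RESOURCE + " and the startup log");
        }
        return ds.getConnection();
    }

    /**
     * Releases a statement and a connection; {@code null} arguments are ignored.
     *
     * @param st   statement to close, may be {@code null}
     * @param conn connection to close (returned to the pool), may be {@code null}
     */
    public static void close(PreparedStatement st, Connection conn) {
        close(null, st, conn);
    }

    /**
     * Releases a result set, a statement and a connection, in that order;
     * {@code null} arguments are ignored and a failure to close one resource does
     * not prevent the others from being closed.
     *
     * @param rs   result set to close, may be {@code null}
     * @param st   statement to close, may be {@code null}
     * @param conn connection to close (returned to the pool), may be {@code null}
     */
    public static void close(ResultSet rs, PreparedStatement st, Connection conn) {
        closeQuietly(rs);
        closeQuietly(st);
        closeQuietly(conn);
    }

    /** Closes one resource, logging rather than propagating any failure (cleanup is best effort). */
    private static void closeQuietly(AutoCloseable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}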
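/**
 * User entity: a login name plus the credential the callers read from or write
 * to the {@code user} table.
 *
 * <p>No hashing or validation happens in this class; it is a plain mutable
 * holder with getters and setters.
 *
 * @author Mollen
 * @since 2018-09-23
 */
public class User {
    private String userName;
    private String password;

    /** Creates an empty user; both fields are {@code null} until set. */
    public User() {
    }

    /**
     * Creates a fully populated user.
     *
     * @param userName login name
     * @param password credential exactly as supplied by the caller
     */
    public User(String userName, String password) {
        this.userName = userName;
        this.password = password;
    }

    /**
     * Returns a description safe for logging. The password is masked: the
     * original version printed it verbatim, so every log line or debugger view
     * that called {@code toString()} leaked the credential.
     *
     * @return {@code User{userName='…', password='[PROTECTED]'}}
     */
    @Override
    public String toString() {
        return "User{" +
                "userName='" + userName + '\'' +
                ", password='[PROTECTED]'" +
                '}';
    }

    /** @return the login name, may be {@code null} */
    public String getUserName() {
        return userName;
    }

    /** @param userName the login name */
    public void setUserName(String userName) {
        this.userName = userName;
    }

    /** @return the credential, may be {@code null} */
    public String getPassword() {
        return password;
    }

    /** @param password the credential; stored as given, not hashed */
    public void setPassword(String password) {
        this.password = password;
    }
}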