msb_89750
/
msb
1
0
Code Issues Pull Requests Projects Releases Wiki Activity

第11节

Browse Source 
1.sql注入演示
master
丁业林-17050417 3 years ago
parent 01a05df1fa
commit efadd43245
2 changed files with 142 additions and 0 deletions
Show Stats Download Patch File Download Diff File

62
testJDBC/JDBCDemo1/src/com/msb/bean/Account.java
Unescape View File

@ -0,0 +1,62 @@
package com.msb.bean;
import java.io.Serializable;
public class Account implements Serializable {
private Integer aid;
private String username;
private String password;
private Double money;
public Account() {
}
public Account(Integer aid, String username, String password, Double money) {
this.aid = aid;
this.username = username;
this.password = password;
this.money = money;
}
public Integer getAid() {
return aid;
}
public void setAid(Integer aid) {
this.aid = aid;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public Double getMoney() {
return money;
}
public void setMoney(Double money) {
this.money = money;
}
@Override
public String toString() {
return "Account{" +
"aid=" + aid +
", username='" + username + '\'' +
", password='" + password + '\'' +
", money=" + money +
'}';
}
}

80
testJDBC/JDBCDemo1/src/com/msb/test2/TestInjection.java
Unescape View File

@ -0,0 +1,80 @@
package com.msb.test2;
import com.msb.bean.Account;
import com.msb.bean.Emp;
import java.sql.*;
import java.util.ArrayList;
import java.util.List;
import java.util.Scanner;
public class TestInjection {
public static String driver = "com.mysql.cj.jdbc.Driver";
public static String url = "jdbc:mysql://127.0.0.1:3306/mydb?useSSL=false&useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai";
public static String user = "root";
public static String password = "Fnst1234";
public static void main(String[] args) {
Scanner scanner = new Scanner(System.in);
System.out.println("请输入用户名");
String username = scanner.next();
System.out.println("请输入密码");
String pwd = scanner.next();
Account account = queryAccount(username, pwd);
System.out.println(account != null ? "登录成功" : "登录失败");
scanner.close();
}
public static Account queryAccount(String userName, String pwd) {
Account result = null;
Connection connection = null;
Statement statement = null;
ResultSet resultSet = null;
try {
// 选择数据库
// Driver driver = new com.mysql.cj.jdbc.Driver();
// DriverManager.registerDriver(driver);
Class.forName(driver);
// 建立连接
connection = DriverManager.getConnection(url, user, password);
// 执行sql
statement = connection.createStatement();
String sql = "select * from account where username='" + userName + "' and password='" + pwd + "'";
System.out.println(sql);
resultSet = statement.executeQuery(sql);
if (resultSet.next()) {
int aid = resultSet.getInt("aid");
String usernamea = resultSet.getString("username");
String pwda = resultSet.getString("password");
double money = resultSet.getDouble("money");
result = new Account(aid,usernamea,pwda,money);
}
}
catch (Exception e) {
e.printStackTrace();
}
finally {
try {
if (resultSet != null) {
resultSet.close();
}
if (statement != null) {
statement.close();
}
if (connection != null) {
connection.close();
}
}
catch (SQLException e) {
e.printStackTrace();
}
}
return result;
}
}
Write Preview
Loading…
Cancel
Save