JDBC登录测试(使用preparedStatement防止注入攻击)
package msb.com.demo;
import msb.com.demo.msb.com.entity.Userinfor;
import java.sql.*;
import java.util.Scanner;
public class UserP {
//一个数据库可以存放多个表,我们的表存在testtable数据库中
public static String url = "jdbc:mysql://127.0.0.1:3306/testtable?useSSL=false&useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai";
public static String user = "root";
public static String password = "root";
public static void main(String[] args) {
Scanner scanner = new Scanner(System.in);
System.out.println("请输入账号:");
String acc = scanner.next();
System.out.println("请输入密码:");
String pwd = scanner.next();
Userinfor method = method(acc,pwd);
System.out.println(method==null?"账号或密码错误":"登录成功");
}
public static Userinfor method(String usename1, String password1) {
Connection connection = null;
Statement statement = null;
Userinfor userinfor =null;
PreparedStatement preparedStatement = null;
//通过映射加载数据库连接
try {
Class.forName("com.mysql.cj.jdbc.Driver");
connection = DriverManager.getConnection(url,user,password);
//获取sql对象语句
/*statement = connection.createStatement();*/
/*String sql = "select * from userinfor where usename='"+usename1+"' and password = '"+password1+"'";*/
String sql = "select * from userinfor where usename=? and password = ?";
/* String sqlq = " usename='"+usename1+"' and password = '"+password1+"'";
String sqls = " usename='ab' and password = '123456'";
System.out.println(sqls);
System.out.println(sqlq);*/
//可以获得一个预编译语句对象PreparedStatement
preparedStatement = connection.prepareStatement(sql);
//设置两个?的索引角标位置
preparedStatement.setString(1,usename1);
preparedStatement.setString(2,password1);
ResultSet resultSet = preparedStatement.executeQuery();
while (resultSet.next()) {
int sid = resultSet.getInt("sid");
String usena = resultSet.getString("usename");
String passw= resultSet.getString("password");
userinfor = new Userinfor(sid, usena, passw);
/*System.out.println(userinfors);*/
}
} catch (SQLException throwables) {
throwables.printStackTrace();
} catch (ClassNotFoundException e) {
e.printStackTrace();
} finally {
if (preparedStatement != null) {
try {
preparedStatement.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if (connection != null) {
try {
connection.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}
return userinfor;
}
}
实体类的创建(entity)
package msb.com.demo.msb.com.entity;
import java.io.Serializable;
//一定要进行序列化操作
public class Userinfor implements Serializable {
private Integer sid;
private String usename;
private String password;
public Userinfor() {
}
public Userinfor(Integer sid, String usename, String password) {
this.sid = sid;
this.usename = usename;
this.password = password;
}
@Override
public String toString() {
return "userinfor{" +
"sid=" + sid +
", usename='" + usename + '\'' +
", password='" + password + '\'' +
'}';
}
public Integer getSid() {
return sid;
}
public void setSid(Integer sid) {
this.sid = sid;
}
public String getUsename() {
return usename;
}
public void setUsename(String usename) {
this.usename = usename;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
浙公网安备 33010602011771号