


package Test;
import org.junit.Test;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;
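/**
 * JDBC login demo that deliberately builds its SQL by string concatenation, to show how
 * SQL injection changes the meaning of a query.
 *
 * <p>Both tests run the same lookup against {@code tb_user}. The only difference is the
 * value used for the password, which shows that the weakness is in how the statement is
 * assembled, not in the particular input.
 *
 * <p>Points for anyone adapting this code:
 * <ul>
 *   <li>The concatenated query is kept on purpose for the demonstration. Production code
 *       should use {@code java.sql.PreparedStatement} with {@code ?} placeholders and
 *       {@code setString(...)}, so that input is always bound as data and never parsed
 *       as SQL.</li>
 *   <li>The query compares the {@code password} column with the supplied text directly,
 *       which suggests plaintext password storage (NOTE(review): confirm against the
 *       schema). A real login should verify a salted password hash instead.</li>
 *   <li>The connection uses the {@code root} account with a hard-coded password and
 *       {@code useSSL=false}. Outside a local demo, use a least-privilege account, load
 *       credentials from configuration, and keep transport encryption enabled.</li>
 * </ul>
 */
public class JDBCdemo5_UserLogin {

    /**
     * Demonstrates a user login with well-behaved input.
     *
     * <p>Prints "登录成功" when the query returns at least one row and "登录失败" otherwise.
     *
     * @throws Exception if the connection cannot be opened or the query fails
     */
    @Test
    public void testUserLogin() throws Exception {
        // 1. Register the driver (explicit registration is left disabled, as in the original).
        // Class.forName("com.mysql.jdbc.Driver");

        // 2. Connection settings (demo-only: root account, hard-coded password, TLS off).
        String url = "jdbc:mysql:///test?useSSL=false";
        String username = "root";
        String password = "1234";

        // Stand-ins for the username and password a user would type in.
        String name = "zhangsan";
        String pwd = "123";

        // Vulnerable by design: the input is spliced into the SQL text, so it is parsed as
        // part of the statement. The fix is a PreparedStatement with bound parameters.
        String sql = " select * from tb_user where username='" + name + "' and password='" + pwd + "' ";

        // try-with-resources closes rs, stmt and conn in reverse order even when the query
        // throws; the original leaked all three on any exception.
        try (Connection conn = DriverManager.getConnection(url, username, password);
             Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery(sql)) {
            // A returned row is treated as a successful login.
            if (rs.next()) {
                System.out.println("登录成功");
            } else {
                System.out.println("登录失败");
            }
        }
    }

    /**
     * Demonstrates SQL injection against the same concatenated query.
     *
     * <p>With the password value {@code ' or '1' = '1} the statement becomes
     * {@code select * from tb_user where username='dawdsan' and password='' or '1' = '1'}.
     * The input has rewritten the meaning of the predefined SQL: the trailing
     * {@code or '1' = '1'} makes the WHERE clause true for every row, so the login check
     * passes without a valid password.
     *
     * <p>Mitigation: bind {@code name} and {@code pwd} through a
     * {@code java.sql.PreparedStatement}; the quote characters are then treated as
     * literal data and the predicate cannot be altered.
     *
     * @throws Exception if the connection cannot be opened or the query fails
     */
    @Test
    public void testlogin_Inject() throws Exception {
        // 1. Register the driver (explicit registration is left disabled, as in the original).
        // Class.forName("com.mysql.jdbc.Driver");

        // 2. Connection settings (demo-only: root account, hard-coded password, TLS off).
        String url = "jdbc:mysql:///test?useSSL=false";
        String username = "root";
        String password = "1234";

        // Stand-ins for user input; the password carries the injected predicate.
        String name = "dawdsan";
        String pwd = "' or '1' = '1";

        // Same vulnerable concatenation as testUserLogin, kept for the demonstration.
        String sql = " select * from tb_user where username='" + name + "' and password='" + pwd + "' ";
        // Print the final statement so the altered WHERE clause is visible.
        System.out.println(sql);

        // try-with-resources closes rs, stmt and conn in reverse order even when the query
        // throws; the original leaked all three on any exception.
        try (Connection conn = DriverManager.getConnection(url, username, password);
             Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery(sql)) {
            // A returned row is treated as a successful login.
            if (rs.next()) {
                System.out.println("登录成功");
            } else {
                System.out.println("登录失败");
            }
        }
    }
}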