SQL注入

SQL注入

SQL存在漏洞，会被攻击导致数据泄露，

 

package com.shushu.lesson;
​
import com.shushu.lesson.utils.JDBCUtils;
​
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
​
public class lesson1 {
    public static void main(String[] args) throws SQLException {
        //  login("zhangsan","123456");
        //  username等于空 或者 1=1（为true）
        login("'or '1=1","'or'1=1");
    }
    public static void login(String username,String password) throws SQLException {
        Connection conn = null;
        Statement st = null;
        ResultSet rs = null;
        conn = JDBCUtils.getConnection();
        st = conn.createStatement();
        String sql = "SELECT * FROM `users` WHERE `name`='"+username+"' AND `password`='"+password+"'";
        rs = st.executeQuery(sql);
        while (rs.next()){
            System.out.println("name="+rs.getString("name"));
            System.out.println("password"+rs.getString("password"));
        }
        JDBCUtils.release(conn,st,rs);
    }
}
​