SQL注入问题

SQL注入问题

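当 SQL 语句由用户输入直接拼接而成时就存在漏洞:输入中的引号和 or 会被当作 SQL 语法的一部分执行,攻击者可借此绕过查询条件,导致数据泄露。防御方法是使用 PreparedStatement 的参数化查询(? 占位符),让输入只作为数据,不参与 SQL 解析。

下方代码演示了存在漏洞的拼接写法,它可以查出 users 表中的全部数据: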

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
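/**
 * Teaching example for SQL injection.
 *
 * <p>{@link #login} is deliberately left vulnerable so the effect of building a
 * statement by string concatenation can be observed. {@link #loginSafely} runs
 * the same lookup as a parameterized query and is the form to use in real code.
 */
public class SQL注入 {
    /**
     * Runs the vulnerable lookup with input that contains quote characters.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Normal login: login("saxon","123456");
        // The quotes inside these arguments end the string literals of the
        // concatenated statement, so `or` is parsed as SQL instead of data; the
        // author observed that every row of `users` is returned.
        // Passing the same arguments to loginSafely() binds them as plain values,
        // so they can only match a row that literally contains these strings.
        login(" 'or' 1=1"," 'or' 1=1");
    }

    /**
     * INTENTIONALLY VULNERABLE: looks up a user by concatenating the arguments
     * into the SQL text and prints every matching row.
     *
     * <p>Because the caller's text becomes part of the statement, the caller
     * controls the shape of the WHERE clause. Do not copy this pattern; see
     * {@link #loginSafely}.
     *
     * @param username value spliced into the {@code NAME} comparison
     * @param password value spliced into the {@code password} comparison
     */
    public static void login(String username,String password) {
        // Statement text produced by the call in main():
        // select * from users where `NAME` = ' 'or' 1=1' AND  `password` = ' 'or' 1=1'
        String sql = "select * from users where `NAME` = '" + username +"' AND  `password` = '"+ password + "' ";
        // try-with-resources closes the ResultSet, Statement and Connection in
        // reverse order on every path; the original version never closed them.
        try (Connection conn = jdbcUtils.getConnection();
             Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            while (rs.next()) {
                System.out.println(rs.getString("NAME"));
                // NOTE(review): comparing and printing the `password` column suggests
                // passwords are stored in plain text -- confirm; real systems store
                // a salted password hash and never echo it.
                System.out.println(rs.getString("password"));
                System.out.println("=============");
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }

    /**
     * Performs the same lookup as {@link #login} with a parameterized query.
     *
     * <p>The statement text is a constant; the arguments are bound to the
     * {@code ?} placeholders and are therefore always treated as values, never
     * as SQL syntax. Only the user name of each matching row is printed.
     *
     * @param username value bound to the {@code NAME} comparison
     * @param password value bound to the {@code password} comparison
     */
    public static void loginSafely(String username, String password) {
        String sql = "select * from users where `NAME` = ? AND `password` = ?";
        try (Connection conn = jdbcUtils.getConnection();
             PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    System.out.println(rs.getString("NAME"));
                    System.out.println("=============");
                }
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
}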
