Oracle JDBC 防 SQL 注入
2015-09-21 17:08
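import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * Side-by-side demonstration of SQL injection against an Oracle database over JDBC.
 *
 * <p>{@link #login(String, String)} builds its query by string concatenation and is kept
 * only as the vulnerable counter-example. {@link #login2(String, String)} is the form to
 * use: it sends a fixed SQL template and passes the credentials as bind parameters.
 *
 * <p>NOTE(review): both queries compare the PASSWORD column with the submitted value,
 * which suggests the table stores passwords in plaintext. Production code should store a
 * salted password hash (bcrypt/scrypt/argon2) and verify it in application code.
 *
 * @author john
 */
public class Demo {

    /** Oracle thin-driver class, loaded explicitly before connecting. */
    private static final String DRIVER_CLASS_NAME = "oracle.jdbc.driver.OracleDriver";

    // Connection details are hard-coded for the demo; real code should read the URL and
    // credentials from protected configuration rather than from source.
    private static final String URL = "jdbc:oracle:thin:@103.44.145.243:55090:oracle";
    private static final String DB_USERNAME = "";
    private static final String DB_PASSWORD = "";

    /**
     * Loads the driver class and opens a new connection to the demo database.
     *
     * @return an open connection that the caller must close
     * @throws Exception if the driver class is missing or the connection fails
     */
    private static Connection openConnection() throws Exception {
        Class.forName(DRIVER_CLASS_NAME);
        return DriverManager.getConnection(URL, DB_USERNAME, DB_PASSWORD);
    }

    /**
     * Vulnerable counter-example: checks credentials with a concatenated SQL string.
     *
     * <p>The caller-supplied values become part of the SQL text itself, so a quote
     * character in either argument changes the structure of the WHERE clause instead of
     * being compared as data. Do not use this pattern; see {@link #login2(String, String)}.
     *
     * @param Username user name as submitted by the caller (untrusted)
     * @param Password password as submitted by the caller (untrusted)
     * @return {@code true} if the query returned at least one row
     * @throws Exception if the driver cannot be loaded or the query fails
     */
    public static boolean login(String Username, String Password) throws Exception {
        // INSECURE BY DESIGN: untrusted input is spliced into the statement text.
        String sql = "select * from MYUSER where USERNAME ='" + Username
                + "' and PASSWORD = '" + Password + "'";
        // try-with-resources closes the result set, statement and connection, which the
        // original listing left open on every call.
        try (Connection con = openConnection();
             Statement stmt = con.createStatement();
             ResultSet rs = stmt.executeQuery(sql)) {
            return rs.next();
        }
    }

    /**
     * Checks credentials with a {@link PreparedStatement} and bind parameters.
     *
     * <p>The SQL template is fixed; the submitted values are sent separately as
     * parameters, so quotes inside them are treated as data and cannot alter the query.
     *
     * @param Username user name as submitted by the caller (untrusted)
     * @param Password password as submitted by the caller (untrusted)
     * @return {@code true} if a row matches both values exactly
     * @throws Exception if the driver cannot be loaded or the query fails
     */
    public static boolean login2(String Username, String Password) throws Exception {
        // A space was added after the first placeholder: the original template read
        // "USERNAME=?and", which leaves it to the driver how "?and" is tokenized.
        String sql = "select * from MYUSER where USERNAME = ? and PASSWORD = ?";
        try (Connection con = openConnection();
             PreparedStatement psmt = con.prepareStatement(sql)) {
            // Bind the values to the two placeholders (1-based index).
            psmt.setString(1, Username);
            psmt.setString(2, Password);
            try (ResultSet rs = psmt.executeQuery()) {
                return rs.next();
            }
        }
    }

    /**
     * Runs the same quote-bearing input through both methods and prints each result.
     *
     * <p>With the parameterized query the input is compared literally, so it matches only
     * a row that actually stores that text. With the concatenated query the input rewrites
     * the WHERE clause, so the result no longer depends on the stored credentials
     * (assuming MYUSER holds at least one row).
     *
     * @param args unused
     * @throws Exception if either database call fails
     */
    public static void main(String[] args) throws Exception {
        boolean bool2 = login2("a' or 'a' = 'a", "a' or 'a' = 'a");
        System.out.println(bool2);
        boolean bool = login("a' or 'a' = 'a", "a' or 'a' = 'a");
        System.out.println(bool);
    }
}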