oracle(sql注入)
拼接 SQL 语句的问题：会因他人的 SQL 注入而丢失数据
sql注入:
原因：SQL 语句由字符串拼接而成，用户输入会被当作 SQL 的一部分解析
因此 SQL 语句建议使用 PreparedStatement，通过 ? 占位符绑定参数
insert:
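/**
 * Inserts one fixed row into {@code myemp} through a {@link PreparedStatement}.
 *
 * <p>Every column value is bound to a {@code ?} placeholder, so the SQL text is fixed
 * when the statement is prepared and the bound values can never be parsed as SQL.
 * The connection and the statement are opened in try-with-resources so both are
 * closed even when {@code executeUpdate()} throws; the previous version closed them
 * only on the success path.
 *
 * @param args unused
 * @throws ClassNotFoundException if the Oracle JDBC driver class is not on the classpath
 * @throws SQLException if connecting or executing the insert fails
 */
public static void main(String[] args) throws ClassNotFoundException, SQLException {
    Class.forName("oracle.jdbc.OracleDriver"); // load the driver class into the JVM
    // NOTE(review): connection credentials belong in configuration, not in source.
    try (Connection conn = DriverManager.getConnection(
                 "jdbc:oracle:thin:@localhost:1521:ORCL", "scott", "123456");
         PreparedStatement pst = conn.prepareStatement(
                 "insert into myemp values(?,?,?,?,?,?,?,?)")) {
        pst.setInt(1, 3212);
        pst.setString(2, "小明");
        pst.setString(3, "打酱油");
        pst.setInt(4, 5423);
        // hiredate: java.util.Date -> java.sql.Date via the epoch milliseconds
        pst.setDate(5, new java.sql.Date(new Date().getTime()));
        pst.setInt(6, 5444);
        pst.setInt(7, 324);
        pst.setInt(8, 10);
        pst.executeUpdate(); // required: nothing is sent to the database until here
        System.out.println("OK!!" + conn);
    } // try-with-resources closes pst, then conn, in reverse order of opening
}
}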
select:
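/**
 * Reads every row of {@code myemp} and prints each row's {@code hiredate}.
 *
 * <p>The statement has no user-supplied part, so it is not injectable; it still uses
 * {@link PreparedStatement} so the example matches the parameterised insert, update
 * and delete examples. Connection, statement and result set are all opened in
 * try-with-resources so they are released even if {@code executeQuery()} or a column
 * getter throws; the previous version never closed the result set and closed the
 * others only on the success path.
 *
 * @param args unused
 * @throws ClassNotFoundException if the Oracle JDBC driver class is not on the classpath
 * @throws SQLException if connecting, querying or reading a column fails
 */
public static void main(String[] args) throws ClassNotFoundException, SQLException {
    Class.forName("oracle.jdbc.OracleDriver"); // load the driver class into the JVM
    // NOTE(review): connection credentials belong in configuration, not in source.
    try (Connection conn = DriverManager.getConnection(
                 "jdbc:oracle:thin:@localhost:1521:ORCL", "scott", "123456");
         PreparedStatement pst = conn.prepareStatement("select * from myemp ");
         ResultSet rs = pst.executeQuery()) {
        while (rs.next()) {
            // The typed getters below show column access by name; only the hire date
            // is printed, the other columns are read and discarded.
            int empno = rs.getInt("empno");
            String ename = rs.getString("ename");
            String job = rs.getString("job");
            int mgr = rs.getInt("mgr");
            Date hired = rs.getDate("hiredate"); // java.sql.Date is a java.util.Date
            System.out.println(hired);
            int sal = rs.getInt("sal");
            int comm = rs.getInt("comm");
            int deptno = rs.getInt("deptno");
        }
        System.out.println("OK!!" + conn);
    } // try-with-resources closes rs, pst and conn in reverse order of opening
}
}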
delete:
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Date;
import java.util.Scanner;
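public class Test08_delete2 {

    /**
     * Deletes the rows of {@code myemp} whose department number and salary equal two
     * integers read from standard input.
     *
     * <p>Building the WHERE clause by concatenating the input into the SQL string
     * (the commented-out form in the original listing) would let the input change the
     * statement itself. Here both values are bound to {@code ?} placeholders with
     * {@code setInt}, so they are transmitted as data and can only ever be compared as
     * integers. Connection and statement are opened in try-with-resources so they are
     * closed even when {@code executeUpdate()} throws.
     *
     * @param args unused
     * @throws ClassNotFoundException if the Oracle JDBC driver class is not on the classpath
     * @throws SQLException if connecting or executing the delete fails
     */
    public static void main(String[] args) throws ClassNotFoundException, SQLException {
        // The scanner wraps System.in and is deliberately left open: closing it would
        // close System.in for the rest of the process.
        Scanner sc = new Scanner(System.in);
        System.out.println("input");
        int deptno = sc.nextInt(); // nextInt() rejects anything that is not an int
        int sal = sc.nextInt();

        Class.forName("oracle.jdbc.OracleDriver"); // load the driver class into the JVM
        // NOTE(review): connection credentials belong in configuration, not in source.
        try (Connection conn = DriverManager.getConnection(
                     "jdbc:oracle:thin:@localhost:1521:ORCL", "scott", "123456");
             PreparedStatement pst = conn.prepareStatement(
                     "delete from myemp where deptno = ? and sal=?")) {
            pst.setInt(1, deptno);
            pst.setInt(2, sal);
            pst.executeUpdate(); // the returned row count is not used by this example
            System.out.println("OK!!" + conn);
        } // try-with-resources closes pst, then conn, in reverse order of opening
    }
}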
update:
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Date;
import java.util.Scanner;
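public class Test09_update2 {

    /**
     * Raises the salary of every employee in one department of {@code myemp} by an
     * amount read from standard input.
     *
     * <p>Statements used by this series of examples:
     * <pre>
     * select   select * from emp
     * update   update myemp set sal = sal + ? where deptno = ?
     * delete   delete myemp where deptno = ? and sal = ?
     * </pre>
     *
     * <p>Both user-supplied values are bound to {@code ?} placeholders instead of being
     * concatenated into the SQL text, so they are sent as integers and cannot alter
     * the statement. The original listing wrote the WHERE clause as
     * {@code where deptno = deptno}, which has only one placeholder: the second
     * {@code setInt} call then fails, and had it not, the update would have touched
     * every row. The clause is {@code where deptno = ?} here, matching the Javadoc
     * and the two bound parameters.
     *
     * @param args unused
     * @throws ClassNotFoundException if the Oracle JDBC driver class is not on the classpath
     * @throws SQLException if connecting or executing the update fails
     */
    public static void main(String[] args) throws ClassNotFoundException, SQLException {
        // The scanner wraps System.in and is deliberately left open: closing it would
        // close System.in for the rest of the process.
        Scanner sc = new Scanner(System.in);
        System.out.println("input:");
        int s = sc.nextInt(); // salary increase; nextInt() rejects anything not an int
        int deptno = sc.nextInt();

        Class.forName("oracle.jdbc.OracleDriver"); // load the driver class into the JVM
        // NOTE(review): connection credentials belong in configuration, not in source.
        try (Connection conn = DriverManager.getConnection(
                     "jdbc:oracle:thin:@localhost:1521:ORCL", "scott", "123456");
             PreparedStatement pst = conn.prepareStatement(
                     "update myemp set sal = sal + ? where deptno = ?")) {
            pst.setInt(1, s);
            pst.setInt(2, deptno);
            pst.executeUpdate(); // the returned row count is not used by this example
            System.out.println("OK!!" + conn);
        } // try-with-resources closes pst, then conn, in reverse order of opening
    }
}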