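Statement缺点

作者:马育民 • 2020-08-12 14:49 • 阅读:10100

废弃,详见:[SQL注入与Statement缺点](https://www.malaoshi.top/show_1IX2aMXBCjLn.html "SQL注入与Statement缺点")

========================================

在登录时会发生sql注入

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;

/**
 * Demonstrates why building SQL by string concatenation with {@link Statement} is unsafe:
 * the login check below is bypassed by input that changes the structure of the query.
 *
 * <p>This is a deliberately vulnerable teaching example. Login code that handles real input
 * must bind the values through {@code java.sql.PreparedStatement} placeholders instead; the
 * comment above the query shows the equivalent parameterized form.
 */
public class SQL注入 {

    /**
     * Runs the login query once against a local MySQL instance and prints the outcome.
     *
     * @param args unused
     * @throws Exception if the driver class cannot be loaded or any JDBC call fails
     */
    public static void main(String[] args) throws Exception {
        // Lab-only settings: loopback host with useSSL=false here, and the root account with
        // an empty password in getConnection() below. None of these belong in a deployment.
        String url = "jdbc:mysql://127.0.0.1:3308/scott?useSSL=false";

        // A normal username and password
        // String username = "lilei";
        // String password = "123456";

        // SQL injection input: the leading quote closes the username string literal,
        // "or 1=1" makes the WHERE clause true for every row, and '#' starts a MySQL
        // comment, so the password condition is never evaluated.
        String username = "' or 1=1 #";
        String password = "";

        // Load the JDBC driver
        Class.forName("com.mysql.jdbc.Driver");

        // try-with-resources closes the ResultSet, Statement and Connection even when a
        // JDBC call throws; the original closed only the Connection, and only on success.
        try (Connection conn = DriverManager.getConnection(url, "root", "");
             Statement stmt = conn.createStatement()) {

            // VULNERABLE ON PURPOSE: the input is pasted into the SQL text, so the database
            // parses it as part of the statement rather than as a value.
            //
            // Fix: keep the SQL text constant and bind the values, so input stays data:
            //   PreparedStatement ps = conn.prepareStatement(
            //       "SELECT * FROM USER WHERE username=? and password=?");
            //   ps.setString(1, username);
            //   ps.setString(2, password);
            //   ResultSet rs = ps.executeQuery();
            //
            // NOTE(review): the query compares the password column with the submitted value
            // directly, which suggests passwords are stored in plain text - confirm. Real
            // systems store a salted password hash (bcrypt/scrypt/argon2) and verify it in
            // application code.
            String sql = "SELECT * FROM USER WHERE username='" + username + "' and password='"+ password + "'";
            // Printing the statement makes the rewritten WHERE clause visible to the reader.
            System.out.println(sql);

            try (ResultSet rs = stmt.executeQuery(sql)) {
                if (rs.next()) {
                    // Any returned row counts as a successful login; with the input above
                    // that is simply the first row of the table.
                    String id = rs.getString(1);
                    Object name = rs.getObject(2);
                    Object storedPassword = rs.getObject(3);
                    System.out.println("登录成功!");
                    // Echoes the password column for the demo only; never print or log
                    // credentials in real code.
                    System.out.println(id + "," + name + "," + storedPassword);
                } else {
                    // No row matched this username and password, so the login fails
                    System.out.println("输入用户名或密码错误,请重新输入!");
                }
            }
        }
    }
}
```

原文出处:http://malaoshi.top/show_1EF63mLv7JCM.html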