版权声明: https://blog.csdn.net/WildestDeram/article/details/89693150
本文演示的SQL注入漏洞指的是：在只知道用户名、不知道密码的情况下，仍然能够登陆。
package com.dream.demo4;
import com.jdbc.dream.utils.JDBCutils;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import org.junit.Test;
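public class JDBCDemo {

    /**
     * Demonstrates the injection: the username argument carries an {@code or '1=1}
     * clause that makes the WHERE condition always true, so {@link #login} reports
     * success even though the password is garbage.
     */
    @Test
    public void demo() {
        boolean flag = JDBCDemo.login("aaa' or '1=1", "sadfsfsdf");
        if (flag) {
            System.out.println("登陆成功");
        } else {
            System.out.println("登陆失败");
        }
    }

    /**
     * Deliberately vulnerable login, kept only to demonstrate SQL injection.
     * The query text is built by string concatenation, so whatever the caller
     * passes as {@code username} or {@code password} becomes part of the SQL
     * itself and can change the structure of the query. Do not reuse this in
     * real code; {@code login2} on this page shows the parameterized form.
     *
     * @param username raw username, concatenated into the query unescaped
     * @param password raw password, concatenated into the query unescaped
     * @return {@code true} if the query returns at least one row; {@code false}
     *         if it returns none or if obtaining the connection / running the
     *         query fails
     */
    public static boolean login(String username, String password) {
        Connection conn = null;
        Statement stat = null;
        ResultSet res = null;
        boolean flag = false;
        try {
            conn = JDBCutils.getConnection();
            stat = conn.createStatement();
            // VULNERABLE ON PURPOSE: string-built SQL. The demo above relies on it.
            String sql = "select * from user where username ='" + username + "' and password ='" + password + "'";
            res = stat.executeQuery(sql);
            // One matching row is enough; next() already yields the boolean we need.
            flag = res.next();
        } catch (Exception e) {
            // The original swallowed every exception silently, so a broken
            // connection or malformed query was indistinguishable from a wrong
            // password. Report it, then fall through to "login failed".
            e.printStackTrace();
        } finally {
            // JDBCutils.release is the page's own helper; its null handling and
            // close order are not visible here.
            JDBCutils.release(res, conn, stat);
        }
        return flag;
    }
}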
即使密码乱输入也能够登陆成功,这就是SQL注入漏洞,用户可以在文本框中输入aaa' or '1=1。这样就能随意登陆成功了。
SQL注入漏洞产生的根本原因是字符串拼接。
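/**
 * Login that is safe from SQL injection: the statement text is fixed at
 * compile time and the user-supplied values are bound as parameters, so they
 * are always treated as data and can never alter the structure of the query.
 * This is the fix for the string-concatenation version ({@code login}).
 *
 * <p>NOTE(review): the query compares the {@code password} column as-is;
 * whether that column holds a plaintext value or a hash is not visible on
 * this page.
 *
 * @param username username to bind to the first placeholder
 * @param password password to bind to the second placeholder
 * @return {@code true} if the query returns at least one row; {@code false}
 *         if it returns none or if obtaining the connection / running the
 *         query fails
 */
public static boolean login2(String username, String password) {
    // The original text was "username ? and password ?", which is missing the
    // comparison operator and is not valid SQL; the driver rejected it and the
    // silent catch turned every call into "login failed".
    String sql = "select * from user where username = ? and password = ?";
    // try-with-resources closes in reverse order (ResultSet, then
    // PreparedStatement, then Connection); the original closed the Connection
    // first and left the other two to be closed on an already-closed connection.
    try (Connection conn = JDBCutils.getConnection();
         PreparedStatement pre = conn.prepareStatement(sql)) {
        // Bind the values; the driver escapes/transmits them separately from the SQL.
        pre.setString(1, username);
        pre.setString(2, password);
        try (ResultSet res = pre.executeQuery()) {
            return res.next();
        }
    } catch (Exception e) {
        // Kept as Exception rather than SQLException because the exceptions
        // declared by JDBCutils.getConnection() are not visible here. Report
        // instead of swallowing so failures are distinguishable from a bad login.
        e.printStackTrace();
        return false;
    }
}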