MySQL--05
时间:2021-07-01 10:21:17
帮助过:4人阅读
space.urbeautiful.utils;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
public class Login {
public static void main(String[] args) {
log("‘ or ‘ 1=1","‘ or ‘1=1"
);
}
public static void log(String username,String password){
Connection conn =
null;
Statement stat =
null;
ResultSet rs =
null;
try {
conn =
JdbcUtils.getConn();
stat =
conn.createStatement();
String sql = "select * from userlogin where uname = ‘"+username+"‘ and password = ‘"+password+"‘"
;
rs =
stat.executeQuery(sql);
while(rs.next()){
System.out.println(rs.getString("uname"
));
System.out.println(rs.getString("password"
));
}
} catch (SQLException e) {
e.printStackTrace();
}finally{
JdbcUtils.release(conn,stat,rs);
}
}
}
解决的办法就是不适用Statement 使用PrepareStatement
MySQL--05
标签:creates uname query connect mysq void null mysql cep
