基本的JDBC使用:

package demo;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement; import org.junit.Test; /**
* 测试查询所有用户的类
*
*/
public class QueryAll { @Test
public void testQueryAll(){
Connection conn= null;
Statement stmt = null;
ResultSet rs = null;
try {
//1.注册驱动
Class.forName("com.mysql.jdbc.Driver");
//2.获取连接
String url ="jdbc:mysql://localhost:3306/mybase";
String username="root";
String password="xuyiqing";
conn = DriverManager.getConnection(url,username,password);
//3.获取执行sql语句对象
stmt = conn.createStatement();
//4.编写sql语句
String sql = "select * from user";
//5.执行sql语句
rs = stmt.executeQuery(sql);
//6.处理结果集
while(rs.next()){
System.out.println("用户名:"+rs.getString(2)+" 密码:"+rs.getString("upassword"));
}
} catch (Exception e) {
e.printStackTrace();
}finally{
if(rs!=null)
try {
rs.close();
} catch (SQLException e) {
e.printStackTrace();
}
if(stmt!=null)
try {
stmt.close();
} catch (SQLException e) {
e.printStackTrace();
}
if(conn!=null)
try {
conn.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}
}

接下来分析SQL注入问题:

数据库准备:

CREATE DATABASE mybase;
USE mybase;
CREATE TABLE users(
uid INT PRIMARY KEY AUTO_INCREMENT,
username VARCHAR(64),
upassword VARCHAR(64)
);
INSERT INTO users (username,upassword) VALUES("zhangsan","123"),("lisi","456"),("wangwu","789");
SELECT * FROM users;

JDBC代码:

package demo;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement; import org.junit.Test; public class TestLogin { @Test
public void testLogin() {
try {
login("zhangsan", "123");
} catch (Exception ex) {
ex.printStackTrace();
}
} public void login(String username, String password) throws Exception {
Class.forName("com.mysql.jdbc.Driver");
String url = "jdbc:mysql://localhost:3306/mybase";
String usern = "root";
String pwd = "xuyiqing";
Connection conn = DriverManager.getConnection(url, usern, pwd);
Statement stmt = conn.createStatement();
String sql = "select * from users where " + "username='" + username + "'and upassword='" + password + "'";
ResultSet rs = stmt.executeQuery(sql);
if (rs.next()) {
System.out.println("登录成功");
System.out.println(sql);
} else {
System.out.println("账号或密码错误!");
}
if (rs != null) {
rs.close();
}
if (stmt != null) {
stmt.close();
}
if (conn != null) {
conn.close();
}
}
}

这时候运行,输出:

登录成功
select * from users where username='zhangsan'and upassword='123'

如果这样:

            login("zhangsan", "1234");

输出:

账号或密码错误!

但是,如果这样做:

    @Test
public void testLogin() {
try {
login("zhangsan' or 'zhangsan", "666");
} catch (Exception ex) {
ex.printStackTrace();
}
}

输出却是登录成功!:

登录成功
select * from users where username='zhangsan' or 'zhangsan'and upassword='666'

明显数据库中没有这个用户和相应的密码,但是登录成功,这里就是简单的SQL注入攻击

解决办法:

1.分开验证,先判断用户存在否

2.预处理对象,使用如下的方法:

package demo;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import org.junit.Test; public class TestLogin { @Test
public void testLogin() {
try {
login("zhangsan' or 'zhangsan", "666");
} catch (Exception ex) {
ex.printStackTrace();
}
} public void login(String username, String password) throws Exception {
Class.forName("com.mysql.jdbc.Driver");
String url = "jdbc:mysql://localhost:3306/mybase";
String usern = "root";
String pwd = "xuyiqing";
Connection conn = DriverManager.getConnection(url, usern, pwd);
String sql = "select * from users where username=? and upassword=?";
PreparedStatement pstmt = conn.prepareStatement(sql);
pstmt.setString(1, username);
pstmt.setString(2, password);
ResultSet rs = pstmt.executeQuery();
if (rs.next()) {
System.out.println("登录成功");
System.out.println(sql);
} else {
System.out.println("账号或密码错误!");
}
if (rs != null) {
rs.close();
}
if (pstmt != null) {
pstmt.close();
}
if (conn != null) {
conn.close();
}
}
}

这时候输出的账号或密码错误,解决了上边的SQL注入问题

05-11 20:18