1. 注入
2. 预防
- package com.jdbc;
- import java.sql.*;
- import java.util.Scanner;
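/**
 * Console demo that queries the {@code user} table with a parameterized statement.
 *
 * <p>Two lines are read from standard input and bound to the {@code ?} placeholders of a
 * {@link PreparedStatement}. The values are sent to the database as parameters rather than being
 * concatenated into the SQL text, so quotes or SQL keywords typed by the user cannot change the
 * structure of the query.
 */
public class loginDemo {

    /**
     * Connects to the local MySQL database, reads two values from standard input, and prints
     * every row of {@code user} whose {@code user_name} and {@code user_sex} match them.
     *
     * @param args unused
     * @throws ClassNotFoundException if the MySQL driver class is not on the classpath
     * @throws SQLException if connecting, preparing or executing the query fails
     */
    public static void main(String[] args) throws ClassNotFoundException, SQLException {
        // 1. Register the driver. JDBC 4+ drivers register themselves, so this call is normally
        //    optional; it is kept so a missing driver still fails with ClassNotFoundException.
        Class.forName("com.mysql.jdbc.Driver");

        // 2. Connection settings.
        // NOTE(review): hard-coded root/root is acceptable only in a local demo. Real code should
        // load credentials from configuration outside the source tree and connect with an account
        // that has only the privileges this query needs.
        String url = "jdbc:mysql://localhost:3306/zfj";
        String username = "root";
        String password = "root";

        // try-with-resources closes the scanner and connection even when a later step throws;
        // the original closed them only on the success path.
        try (Connection con = DriverManager.getConnection(url, username, password);
             Scanner sc = new Scanner(System.in)) {

            // 3. Read the two lookup values (untrusted input).
            String user = sc.nextLine();
            String pas = sc.nextLine();

            // 4. Build the query. A plain Statement with the input concatenated into the string
            //    is deliberately not used: placeholders keep user input out of the SQL text.
            // NOTE(review): the second value is compared with the user_sex column although the
            // variable is named like a password; confirm the intended column. If this is meant
            // as a login check, the stored value should be a salted password hash verified in
            // application code, not a plaintext comparison in SQL.
            String sql = "SELECT * FROM user where user_name= ? AND user_sex=?";

            try (PreparedStatement pst = con.prepareStatement(sql)) {
                // Bind explicitly as strings so the driver never has to guess the parameter type.
                pst.setString(1, user);
                pst.setString(2, pas);

                // Prints only the template with its '?' placeholders; the bound values are never
                // spliced into this string.
                System.out.println(sql);

                // 5. Run the query and print each matching row.
                try (ResultSet rs = pst.executeQuery()) {
                    while (rs.next()) {
                        // A space now separates id from user_name; the original joined them with
                        // an empty string, which made the two columns run together.
                        System.out.println(rs.getString("id") + " " + rs.getString("user_name")
                                + " " + rs.getString("user_age") + " " + rs.getString("user_sex"));
                    }
                }
            }
        }
    }
}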
来源: http://www.bubuko.com/infodetail-3078308.html