JDBC编程,第三种写法,模拟登陆系统(解决第二种写法中SQL注入的问题)
1、还是一样,利用PowerDesigner建表;
drop table if exists t_user;
/*==============================================================*/
/* Table: t_user */
/*==============================================================*/
create table t_user
(
id bigint auto_increment,
loginName varchar(255),
loginPwd varchar(255),
realName varchar(255),
primary key (id)
);
insert into t_user(loginName,loginPwd,realName) values('***','***','***');
insert into t_user(loginName,loginPwd,realName) values('***','***','***');
commit;
select * from t_user;
2、完整代码:
import com.mysql.jdbc.Driver;
import java.sql.*;
import java.util.HashMap;
import java.util.Map;
import java.util.Scanner;
public class Test{
public static void main(String[] args) {
//初始化界面
Map<String,String> userLoginInfo = initUI();
//验证用户名和密码
boolean loginSuccess = login(userLoginInfo);
//输出结果
System.out.println(loginSuccess ? "登录成功" : "登录失败");
}
/**
* 用户登录
* @param userLoginInfo 用户登录信息
* @return false表示失败,true表示成功
*/
private static boolean login(Map<String, String> userLoginInfo) {
boolean loginSuccess = false;
//JDBC准备
Connection connection = null;
//预编译的数据库操作对象PreparedStatement
PreparedStatement preparedStatement = null;
ResultSet resultSet = null;
try {
//1、注册驱动
Class.forName("com.mysql.jdbc.Driver");
// 2、获取连接
connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/数据库","root","****");
// 3、获取预编译的数据库操作对象
//sql框架
String sql= "select * from t_user where loginName = ? and loginPwd = ?";
//把带有占位符的sql语句传入操作对象
preparedStatement = connection.prepareStatement(sql);
//给占位符传值,下标从1开始
preparedStatement.setString(1,userLoginInfo.get("userName"));
preparedStatement.setString(2,userLoginInfo.get("userPwd"));
//4、执行sql
resultSet= preparedStatement.executeQuery();
//5、处理结果集
if (resultSet.next()){
loginSuccess = true;
}
} catch (ClassNotFoundException e) {
e.printStackTrace();
} catch (SQLException e) {
e.printStackTrace();
} finally {
//6、释放资源
if (resultSet != null) {
try {
resultSet.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if (preparedStatement != null) {
try {
preparedStatement.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if (connection != null) {
try {
connection.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}
return loginSuccess;
}
/**
* 初始化用户界面
* @return 用户输入的用户名和密码
*/
private static Map<String, String> initUI() {
Scanner s = new Scanner(System.in);
System.out.println("请输入用户名:");
String userName = s.nextLine();
System.out.println("请输入密码:");
String userPwd = s.nextLine();
Map<String,String> userLoginInfo = new HashMap<>();
userLoginInfo.put("userName",userName);
userLoginInfo.put("userPwd",userPwd);
return userLoginInfo;
}
}
3、结果显示;
image
image
4、阻止SQL注入
3.png
private static Map<String, String> initUI() {
Scanner s = new Scanner(System.in);
System.out.println("请输入用户名:");
String userName = s.nextLine();
System.out.println("请输入密码:");
String userPwd = s.nextLine();
Map<String,String> userLoginInfo = new HashMap<>();
userLoginInfo.put("userName",userName);
userLoginInfo.put("userPwd",userPwd);
return userLoginInfo;
}
网友评论