• java sql

    import java.sql.Connection;
    import java.sql.DriverManager;
    import java.sql.PreparedStatement;
    import java.sql.ResultSet;
    import java.sql.SQLException;
    import java.sql.Savepoint;
    import java.sql.Statement;

    import com.mysql.jdbc.Driver;

    public class Sqltest {

    private final static String DRIVER="com.mysql.jdbc.Driver";
    private final static String URL = "jdbc:mysql://127.0.0.1:3306/signin";
    private final static String USERNAME = "root";
    private final static String PASSWORD = "21424019";
    public static void main(String[] args) {
    // TODO Auto-generated method stub
    try {
    Driver driver = (Driver)Class.forName(DRIVER).newInstance();
    DriverManager.registerDriver(driver);
    Connection con = DriverManager.getConnection(URL, USERNAME, PASSWORD);
    con.setAutoCommit(false);
    //String sql="select user_id from `test`.`new_table` where user_id=";
    String sql="insert into test.new_table(user_id,password) values(?,?)";
    String sql2=" and password=";
    String user_id1="harry1",password1="123456";
    String user_id2="'potter1' or '1'='1'--";
    String password2="'23456790'";
    StringBuffer sb=new StringBuffer();
    sb.append(sql);
    sb.append(user_id1);
    sb.append(sql2);
    sb.append(password1);
    PreparedStatement preparestatement = con.prepareStatement(sql);
    preparestatement.setString(1,user_id1);
    preparestatement.setString(2, password1);
    Savepoint svpt=con.setSavepoint();
    int lines=preparestatement.executeUpdate();
    if(lines>=1)
    {
    System.out.println(lines);
    con.rollback();
    //con.rollback(svpt);
    }

    con.commit();

    con.releaseSavepoint(svpt);
    /*Statement statement = con.createStatement();
    System.out.println("sql: "+sb.toString());
    ResultSet result= statement.executeQuery(sb.toString());
    while(result.next())
    {
    System.out.println("USER_ID1");
    System.out.println(result.getString(1));
    }
    sb.setLength(0);
    sb.append(sql);
    sb.append(user_id2);
    sb.append(sql2);
    sb.append(password2);
    ResultSet result2 = statement.executeQuery(sb.toString());
    while(result2.next())
    {
    System.out.println("USER_ID2");
    System.out.println(result2.getString(1));
    }*/
    } catch (InstantiationException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
    } catch (IllegalAccessException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
    } catch (ClassNotFoundException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
    } catch (SQLException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
    }
    }

    }
  • 相关阅读:
    mysql 初始密码 设置
    jsp基础知识(基本的语法及原理)
    hdu 2473 Junk-Mail Filter (并查集之点的删除)
    java版本的学生管理系统
    java操作数据库出现(][SQLServer 2000 Driver for JDBC]Error establishing socket.)的问题所在即解决办法
    Java学习之约瑟夫环的两中处理方法
    hdu 3367(Pseudoforest ) (最大生成树)
    hdu 1561 The more, The Better (树上背包)
    Nginx + Lua 搭建网站WAF防火墙
    长连接和短连接
  • 原文地址:https://www.cnblogs.com/earendil/p/4509667.html
Copyright © 2020-2023  润新知