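package com.yxfyg.dao.impl;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

import com.yxfyg.dao.UserDao;
import com.yxfyg.util.JDBCUtil;

/**
 * JDBC-backed {@link UserDao} that checks a username/password pair against the {@code user} table.
 *
 * <p>The two methods run the same lookup in two ways: {@link #login(String, String)} concatenates
 * the caller's values into the SQL text (the injectable form, kept only to illustrate the problem)
 * and {@link #loginUpdate(String, String)} binds them as {@link PreparedStatement} parameters (the
 * fix). Neither method returns a result; both print the outcome to {@code System.out}.
 */
public class UserDaoImpl implements UserDao {

    /**
     * Checks the credentials by splicing the raw arguments into the SQL text.
     *
     * <p>Because {@code username} and {@code password} become part of the statement itself, input
     * containing a single quote changes the structure of the query rather than being compared as a
     * value, so the row match no longer depends on the password alone. The method is retained to
     * show that behaviour next to its fix; new code must call {@link #loginUpdate(String, String)}.
     *
     * @param username the username exactly as entered by the caller
     * @param password the password exactly as entered by the caller
     * @deprecated vulnerable to SQL injection; use {@link #loginUpdate(String, String)} instead
     */
    @Deprecated
    @Override
    public void login(String username, String password) {
        Connection conn = null;
        Statement st = null;
        ResultSet rs = null;
        try {
            conn = JDBCUtil.getConn();
            st = conn.createStatement();
            // The defect: untrusted values are part of the SQL text, not bound values.
            String sql = "select * from user where username = '" + username
                    + "' and password = '" + password + "'";
            rs = st.executeQuery(sql);
            report(rs);
        } catch (SQLException e) {
            // Demo-level handling: the interface gives callers neither a result nor an exception.
            e.printStackTrace();
        } finally {
            JDBCUtil.release(rs, st, conn);
        }
    }

    /**
     * Checks the credentials with a parameterised query.
     *
     * <p>The SQL text is fixed and parsed before any user data is supplied; the two values are bound
     * through {@code setString}, so they are always treated as string values and can never alter the
     * statement. {@code select *} still pulls the whole row (including the stored password column)
     * to the client even though only {@code rs.next()} is consulted.
     *
     * @param username the username exactly as entered by the caller
     * @param password the password exactly as entered by the caller
     */
    @Override
    public void loginUpdate(String username, String password) {
        Connection conn = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        try {
            conn = JDBCUtil.getConn();
            String sql = "select * from user where username = ? and password = ?";
            // The statement is parsed up front; whatever is bound to a placeholder is treated as
            // a value, never as SQL text.
            ps = conn.prepareStatement(sql);
            // Placeholder indexes start at 1.
            ps.setString(1, username);
            ps.setString(2, password);
            rs = ps.executeQuery();
            report(rs);
        } catch (SQLException e) {
            // Demo-level handling: the interface gives callers neither a result nor an exception.
            e.printStackTrace();
        } finally {
            JDBCUtil.release(rs, ps, conn);
        }
    }

    /**
     * Prints whether the credential query matched a row; shared so both lookups report identically.
     *
     * @param rs the result of the credential query, positioned before its first row
     * @throws SQLException if the cursor cannot be advanced
     */
    private static void report(ResultSet rs) throws SQLException {
        if (rs.next()) {
            System.out.println("密码正确");
        } else {
            System.out.println("密码错误");
        }
    }
}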
JDBC中由Statement对象引起的安全问题及解决
转载自www.cnblogs.com/yxfyg/p/12759358.html