SQL注入 SQL注入sql存在漏洞，会被攻击导致数据泄露,SQL会被拼接 orimport com.sw.kuangshen.utils.JdbcUtils; import java.sql.Connection; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; /** * @Author suaxi * @Date 2020/11/9 9:57 */ public class SQlzhuru { public static void main(String[] args) { //login("sunxiaochuan","12345");正常登录 login(" 'or '1=1"," 'or '1=1"); //技巧 } //登录 public static void login(String username,String passwd){ Connection conn = null; Statement st = null; ResultSet rs =null; try { conn = JdbcUtils.getConnection(); //获取数据库连接 st = conn.createStatement(); //获得SQL的执行对象 //SELECT * FROM users WHERE `name`='sunxiaochuan' AND `passwd`='12345'; //SELECT * FROM users WHERE `name`='' or '1=1' AND `passwd`='' or '1=1'; String sql = "SELECT * FROM users WHERE `name`='"+username+"' AND `passwd`='"+passwd+"'"; rs = st.executeQuery(sql); //查询完毕会返回一个结果集 while (rs.next()){ System.out.println(rs.getString("name")); System.out.println(rs.getString("passwd")); System.out.println("================="); } } catch (SQLException e) { e.printStackTrace(); }finally { JdbcUtils.release(conn,st,rs); } } }