package com.bjsxt.jdbc;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;
/*测试SQL执行语句,以及SQL注入问题
*试了很多修改方法都不行,比如:我在eclipse中把id改成整型int...,或把"5"的引号去掉,都不行。(String id = "5 or 1=1";是测试恶意数据的)
* */
public class Demo02 {
public static void main(String[] args){
try {
//加载驱动类
Class.forName("com.mysql.jdbc.Driver");
//建立连接
Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/testjdbc","root","admin");
Statement stmt = conn.createStatement();
** **_ //测试sql注入 _****
String id = "5 or 1=1";
String sql = "delete from t_user where id="+id;
stmt.execute(sql);
/*试了很多修改方法都不行,比如:我在eclipse中把id改成整型int...,或把"5"的引号去掉,都不行。(String id = "5 or 1=1";是测试恶意数据的)
都不行!!* */
} catch (ClassNotFoundException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
