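While demonstrating a SQL injection problem, I ran into an issue that I can't figure out myself, so I'd like to ask the experts here for help.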
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;

public static void login() {
    String name = "柳岩' -- ";
    String id = "1"; // simulated password
    Connection conn = null;
    Statement st = null;
    ResultSet rst = null;
    try {
        conn = JDBCUtils01.getConnection();
        st = conn.createStatement();
        rst = st.executeQuery("select * from user where name = '" + name + "'and id ='" + id + "'");
        // process the result set
        while (rst.next()) {
            int u_id = rst.getInt(1);
            String u_name = rst.getString("name");
        }
        if (rst.next()) {
            System.out.println("登录成功,欢迎您 " + rst.getString("name"));
        } else {
            System.out.println("用户名或者密码错误");
        }
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        JDBCUtils01.release(conn, st, rst);
    }
}
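The while (rst.next()) loop was something I wrote by mistake earlier and forgot to delete. During the demo I found that whenever the while loop is present, it reports the username error; once it is commented out, it works.
Any pointers would be appreciated~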
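
Added example, not part of the original post: the post's concatenated query beside a PreparedStatement version, with the result set read by a single next() call. It assumes the org.xerial sqlite-jdbc driver is on the classpath; the class name LoginDemo, the helper names, and the in-memory table with its one row are constructed for illustration.

```java
import java.sql.*;

public class LoginDemo {
    // Read the cursor exactly once: a JDBC ResultSet is forward-only by default, so a
    // loop that drains it first leaves no row for a later next() to return.
    static String firstName(ResultSet rst) throws SQLException {
        return rst.next() ? rst.getString("name") : null;
    }

    // The post's query, built by string concatenation (kept as-is for comparison).
    static String loginConcat(Connection conn, String name, String id) throws SQLException {
        try (Statement st = conn.createStatement();
             ResultSet rst = st.executeQuery(
                 "select * from user where name = '" + name + "'and id ='" + id + "'")) {
            return firstName(rst);
        }
    }

    // Hardened form: name and id are bound as parameters, so quote characters and
    // comment markers in the input stay data and never become part of the SQL text.
    static String loginBound(Connection conn, String name, String id) throws SQLException {
        String sql = "select name from user where name = ? and id = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            ps.setString(2, id);
            try (ResultSet rst = ps.executeQuery()) {
                return firstName(rst);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: SQLite in-memory database; constructed sample table and row.
        try (Connection conn = DriverManager.getConnection("jdbc:sqlite::memory:")) {
            try (Statement st = conn.createStatement()) {
                st.executeUpdate("create table user (id text, name text)");
                st.executeUpdate("insert into user values ('1', '柳岩')");
            }
            String input = "柳岩' -- "; // the name value used in the post
            System.out.println("concatenated, wrong id: " + loginConcat(conn, input, "wrong"));
            System.out.println("bound, wrong id:        " + loginBound(conn, input, "wrong"));
            System.out.println("bound, real user:       " + loginBound(conn, "柳岩", "1"));
        }
    }
}
```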