网站导航
> 文章列表 > JDBC MySQL ORM 实现登录功能(避免SQL注入)

JDBC MySQL ORM 实现登录功能(避免SQL注入)

网友: 文章列表 2024-03-21 21:48:41

JDBC MySQL ORM 实现登录功能(避免SQL注入)

目录

一、创建数据库表

 二、创建Users类

 三、登录类

四、存在的漏洞

        (1)SQL注入

        (2)分析

        (3)补救

一、创建数据库表

        

CREATE DATABASE jdbcdatabase;CREATE TABLE IF NOT EXISTS `user`(
`uid` INT PRIMARY KEY AUTO_INCREMENT,
`username` VARCHAR(10) UNIQUE NOT NULL,
`password` VARCHAR(10) NOT NULL,
`phone` VARCHAR(11) 
);INSERT INTO `user`(`uid`,`username`,`password`,`phone`) VALUES(1001,'zhangsan','123456','13112345678');INSERT INTO `user`(`uid`,`username`,`password`,`phone`) VALUES(1002,'lisi','123456','13844445555');

 二、创建Users类

public class Users {// 存放从数据库取出的字段private int uid;private String username;private String password;private String phone;public Users() {}public Users(int uid, String username, String password, String phone) {this.uid = uid;this.username = username;this.password = password;this.phone = phone;}public Users(String username,String password){this.username = username;this.password = password;}/* 获取* @return uid*/public int getUid() {return uid;}/* 设置* @param uid*/public void setUid(int uid) {this.uid = uid;}/* 获取* @return username*/public String getUsername() {return username;}/* 设置* @param username*/public void setUsername(String username) {this.username = username;}/* 获取* @return password*/public String getPassword() {return password;}/* 设置* @param password*/public void setPassword(String password) {this.password = password;}/* 获取* @return phone*/public String getPhone() {return phone;}/* 设置* @param phone*/public void setPhone(String phone) {this.phone = phone;}public String toString() {return "Users{uid = " + uid + ", username = " + username + ", password = " + password + ", phone = " + phone + "}";}
}

 三、登录类

        (1)代码

                细节,流程都在注释里。

import java.sql.*;
import java.util.Scanner;public class Login {public static void main(String[] args) {// 1.加载驱动try {Class.forName("com.mysql.jdbc.Driver");} catch (ClassNotFoundException e) {throw new RuntimeException(e);}// 2.准备所需数据String url = "jdbc:mysql://127.0.0.1:3306/jdbcdatabase";String user = "root";String password = "123456";// 2.1 提示用户输入Scanner scanner = new Scanner(System.in);System.out.println("请输入账号:");String un = scanner.nextLine();System.out.println("请输入密码:");String pw = scanner.nextLine();// 2.2 创建Users对象接受数据Users users = new Users(un, pw);// 2.3写入SQL语句String sql = "select password from user where username = '" + users.getUsername() + "'";try (// 3.获取连接对象Connection connection = DriverManager.getConnection(url, user, password);// 4.获取发送对象Statement statement = connection.createStatement()) {// 5.执行SQLResultSet resultSet = statement.executeQuery(sql);// 6.判断是否存在该账号if (resultSet.next()){if (resultSet.getString(1).equals(pw)){System.out.println("登录成功!");}else{System.out.println("密码错误!");}}else {System.out.println("该账号不存在,请注册!");}} catch (SQLException e) {throw new RuntimeException(e);}}
}

        (2)运行结果图

 

 

四、存在的漏洞

        (1)SQL注入

                即,当输入账号时,特意将SQL关键字输入,找到其漏洞,进行非法登录,如

        当账号为     任意字母' or 1=1;#   ,密码为正确时,返回登录成功。

        (2)分析

                上述代码中的SQL语句为:

        "select password from user where username = '" + users.getUsername() + "'";

                当输入 f' or 1=1;#时,我们做一个替换,得到

        "select password from user where username = 'f' or 1=1;#'";

                解读为,从表user中查询password,过滤条件是当username为'f',或着 1=1,

        紧接着分号结束,#后面为注释则不执行,而1=1永远成立,所以查询结果返回所有密码

        当输入的密码正确时,就登录成功了。

        (3)补救

                使用prepareStatement()方法改写代码

import java.sql.*;
import java.util.Scanner;public class Login {public static void main(String[] args) {// 1.加载驱动try {Class.forName("com.mysql.jdbc.Driver");} catch (ClassNotFoundException e) {throw new RuntimeException(e);}// 2.准备所需数据String url = "jdbc:mysql://127.0.0.1:3306/jdbcdatabase";String user = "root";String password = "123456";// 2.1 提示用户输入Scanner scanner = new Scanner(System.in);System.out.println("请输入账号:");String un = scanner.nextLine();System.out.println("请输入密码:");String pw = scanner.nextLine();// 2.2 创建Users对象接受数据Users users = new Users(un, pw);// 2.3写入SQL语句 避免SQL注入 此处使用?占位符String sql = "select password from user where username = ?";try (// 3.获取连接对象Connection connection = DriverManager.getConnection(url, user, password);// 4.获取发送对象PreparedStatement preparedStatement = connection.prepareStatement(sql)) {// 5.给占位符赋值preparedStatement.setString(1,users.getUsername());// 5.执行SQLResultSet resultSet = preparedStatement.executeQuery();// 6.判断是否存在该账号if (resultSet.next()){if (resultSet.getString(1).equals(pw)){System.out.println("登录成功!");}else{System.out.println("密码错误!");}}else {System.out.println("该账号不存在,请注册!");}} catch (SQLException e) {throw new RuntimeException(e);}}
}

        运行结果:

 

 

 

 

网络标签:

相关问题