import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Savepoint;
import java.sql.Statement;

import com.mysql.jdbc.Driver;

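/**
 * Minimal JDBC demo: inserts one row into {@code test.new_table} through a
 * parameterized {@link PreparedStatement} inside a manual transaction, then
 * undoes the insert via a savepoint.
 *
 * <p>Why the statement is parameterized: an earlier variant of this demo built
 * {@code select user_id from `test`.`new_table` where user_id=<input> and password=<input>}
 * by string concatenation and ran it with a plain {@code Statement}. With an input
 * such as {@code 'potter1' or '1'='1'--} the quotes in the value become SQL syntax
 * and the WHERE clause stops restricting the result. Binding values with
 * {@code setString} sends them as data only, so the same input is treated as a literal.
 */
public class Sqltest {

    private static final String DRIVER = "com.mysql.jdbc.Driver";
    private static final String URL = "jdbc:mysql://127.0.0.1:3306/signin";

    // NOTE(security): demo-only shortcut. A root account and a literal password
    // committed in source end up in version control and build artifacts; load
    // credentials from the environment or a secret store, and connect with an
    // account limited to the tables this code needs.
    private static final String USERNAME = "root";
    private static final String PASSWORD = "21424019";

    /**
     * Runs the insert-and-roll-back demo against the configured database.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try {
            // Loading the class is enough: a JDBC driver registers itself with
            // DriverManager from its static initializer, so no cast or explicit
            // registerDriver call is needed.
            Class.forName(DRIVER);
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
            return;
        }

        String insertSql = "insert into test.new_table(user_id,password) values(?,?)";
        String userId = "harry1";
        // NOTE(security): the demo stores the password value as given. A real
        // sign-in table should hold a salted password hash (bcrypt/scrypt/argon2),
        // never the plaintext.
        String password = "123456";

        // try-with-resources closes the connection and statement on every path,
        // including when a SQLException is thrown mid-transaction.
        try (Connection con = DriverManager.getConnection(URL, USERNAME, PASSWORD)) {
            con.setAutoCommit(false);
            try (PreparedStatement insert = con.prepareStatement(insertSql)) {
                insert.setString(1, userId);
                insert.setString(2, password);

                Savepoint beforeInsert = con.setSavepoint();
                int lines = insert.executeUpdate();
                if (lines >= 1) {
                    System.out.println(lines);
                    // Undo only the work done after the savepoint. The savepoint
                    // stays valid after a rollback *to* it, so it can still be
                    // released below; a full rollback() or commit() would have
                    // invalidated it first.
                    con.rollback(beforeInsert);
                }
                con.releaseSavepoint(beforeInsert);
                con.commit();
            } catch (SQLException e) {
                // Leave no half-finished transaction behind before the connection closes.
                try {
                    con.rollback();
                } catch (SQLException rollbackFailure) {
                    e.addSuppressed(rollbackFailure);
                }
                throw e;
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }

}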
