例:假设一个账户密码的输入在数据库中是这样进行判断的. ' ) AS PWDCORRECT FROM T_USER WHERE FUSER= 'GUEST' 如果输入: ') AS PWDCORRECT FROM T_USER WHERE FUSER='ABC' 因为 ‘1’=‘1’ 永远返回的是true 所以 这就造成了SQL 的注入漏洞. 解决办法: ①:过滤敏感字符 if(user.contains("or","and","select",
<select id="findUsersByUserName2" resultType="java.util.Map" parameterType="Params"> SELECT id as uid, username as uname, password as pwd, account as act, telephone, idcard, create_time as createTime, is_delete as isDel