在之前提到过Statement的三个问题
用PreparedStatement解决SQL注入:SQL语句中用?作为占位符,用户输入通过setObject作为参数值绑定,不会被拼接进SQL文本,因此不会被当作SQL语法解析。
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.PreparedStatement;
import java.util.Scanner;
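/**
 * Looks up rows of {@code t_employee} by employee name using a
 * {@link PreparedStatement}, so that the name typed by the user is bound as a
 * parameter value instead of being concatenated into the SQL text.
 */
public class TestPreParedStatement2 {
    /**
     * Reads one line from standard input, runs the parameterized query and
     * prints every column of every matching row, tab-separated, one row per line.
     *
     * @param args unused
     * @throws Exception if the driver class cannot be loaded or any JDBC call fails
     */
    public static void main(String[] args) throws Exception {
        // try-with-resources closes every resource even when a JDBC call throws;
        // the original explicit close() calls were skipped on any exception.
        try (Scanner input = new Scanner(System.in)) {
            System.out.println("请输入名字");
            String ename = input.nextLine();

            // Driver class name kept exactly as the original loads it.
            Class.forName("com.mysql.jdbc.Driver");

            // The "?" is a bind placeholder: whatever the user typed is compared
            // against ename as a plain value and cannot change the statement's shape.
            String sql = "select * from t_employee where ename = ?";

            // NOTE(review): root with a hard-coded password is only acceptable for a
            // local demo; real code should load credentials from configuration and
            // connect with a least-privilege account.
            try (Connection conn = DriverManager.getConnection(
                            "jdbc:mysql://localhost:3306/1205db", "root", "123456");
                    PreparedStatement pst = conn.prepareStatement(sql)) {
                // setString makes the intended SQL type explicit for the bound name.
                pst.setString(1, ename);

                try (ResultSet rs = pst.executeQuery()) {
                    // Ask the result set how many columns "select *" produced instead
                    // of assuming 10: fewer columns made getObject(i) throw, more were
                    // silently dropped.
                    int columnCount = rs.getMetaData().getColumnCount();
                    while (rs.next()) {
                        for (int i = 1; i <= columnCount; i++) {
                            System.out.print(rs.getObject(i) + "\t");
                        }
                        System.out.println();
                    }
                }
            }
        }
    }
}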
把输入换为SQL注入字符串再试:
没有任何回应,再换一个:
还是没有任何的反应。原因是整个输入字符串只作为ename的参数值参与比较,其中的引号和关键字不会改变SQL语句的结构,所以查不到任何匹配的行。