

MySQL: how SQL injection arises and how to prevent it

Published: 2023/12/15, Programming Q&A

SQL injection is probably nothing new to most readers.

I still remember trying, a long time ago, to log into a system by way of SQL injection.....

So what is SQL injection?

It is simply this: content typed by the user becomes part of the syntax of an SQL statement, and so changes the meaning of the SQL the program was written to execute. The program intends the input to be a value; the database ends up parsing it as code.

The following case walks through an SQL injection end to end:

I. Case demonstration

1. Test setup

  • ① A MySQL database
  • ② A database named mysqlstudy containing a table named admin
  • ③ A webapp project created with Maven

2. Code:

***pom.xml

<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <maven.compiler.source>1.8</maven.compiler.source>
    <maven.compiler.target>1.8</maven.compiler.target>
</properties>
<dependencies>
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>5.1.46</version>
    </dependency>
    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>4.12</version>
    </dependency>
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>javax.servlet-api</artifactId>
        <version>3.1.0</version>
    </dependency>
    <dependency>
        <groupId>javax.servlet.jsp</groupId>
        <artifactId>javax.servlet.jsp-api</artifactId>
        <version>2.3.1</version>
    </dependency>
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>jstl</artifactId>
        <version>1.1.2</version>
    </dependency>
</dependencies>

***index.jsp

<%--
  Created by IntelliJ IDEA.
  User: WHW
  Date: 2019/8/5
  Time: 19:49
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>SQL injection test</title>
</head>
<body>
<fieldset>
    <form action="/us" method="post">
        Username: <input type="text" name="username"/><br/>
        Password: <input type="password" name="password"/><br/>
        <%-- type="submit" (not "button"), otherwise the form is never posted to /us --%>
        <input type="submit" value="Login">
    </form>
</fieldset>
</body>
</html>

***Admin.java

package com.howie.pojo;

/**
 * @Author weihuanwen
 * @Date 2019/8/5 19:18
 * @Version 1.0
 */
public class Admin {
    private int id;
    private String username;
    private String password;

    public int getId() {
        return id;
    }

    public void setId(int id) {
        this.id = id;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    @Override
    public String toString() {
        return "admin{" +
                "id=" + id +
                ", username='" + username + '\'' +
                ", password='" + password + '\'' +
                '}';
    }
}

***JDBCUtils.java

package com.howie.utils;

import java.sql.*;

/**
 * @Author weihuanwen
 * @Date 2019/8/5 18:11
 * @Version 1.0
 */
public class JDBCUtils {
    // 1. JDBC driver class
    private static String driver = "com.mysql.jdbc.Driver";
    // 2. connection settings
    private static String url = "jdbc:mysql://localhost:3306/mysqlstudy?characterEncoding=utf8";
    private static String username = "root";
    private static String password = "root";

    // 3. static block: load the MySQL driver once when the class is initialised
    static {
        try {
            Class.forName(driver);
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        }
    }

    /**
     * 4. obtain a database connection
     * @return an open connection to mysqlstudy
     */
    public static Connection getConnection() throws SQLException {
        return DriverManager.getConnection(url, username, password);
    }

    /**
     * 5. release resources (each is closed independently, nulls are skipped)
     * @param rs   result set
     * @param stat statement that executed the SQL
     * @param conn database connection
     */
    public static void closeResource(ResultSet rs, Statement stat, Connection conn) {
        if (rs != null) {
            try {
                rs.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        if (stat != null) {
            try {
                stat.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        if (conn != null) {
            try {
                conn.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
}

***UserServlet.java

package com.howie.vertify;

import com.howie.pojo.Admin;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Map;

/**
 * @Author weihuanwen
 * @Date 2019/8/5 19:14
 * @Version 1.0
 */
@WebServlet("/us")
public class UserServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // copy the submitted username and password into an Admin object, unmodified
        Map<String, String[]> parameterMap = req.getParameterMap();
        Admin admin = new Admin();
        for (String fieldName : parameterMap.keySet()) {
            if ("username".equals(fieldName)) {
                admin.setUsername(parameterMap.get(fieldName)[0]);
            }
            if ("password".equals(fieldName)) {
                admin.setPassword(parameterMap.get(fieldName)[0]);
            }
        }
        VertifyAuthority va = new VertifyAuthority();
        if (va.vertify(admin)) {
            resp.getWriter().write("Login Success!");
        } else {
            resp.getWriter().write("Login Failed!");
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        doGet(req, resp);
    }
}

***VertifyAuthority.java

package com.howie.vertify;

import com.howie.pojo.Admin;
import com.howie.utils.JDBCUtils;

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * @Author weihuanwen
 * @Date 2019/8/5 19:25
 * @Version 1.0
 */
public class VertifyAuthority {
    public boolean vertify(Admin admin) {
        Connection conn = null;
        Statement stat = null;
        ResultSet rs = null;
        try {
            conn = JDBCUtils.getConnection();
            stat = conn.createStatement();
            // VULNERABLE (deliberately): the raw username and password are spliced
            // into the SQL text, so whatever the user types is parsed as SQL
            String sql = "SELECT * FROM `admin` WHERE `username`='" + admin.getUsername()
                    + "' and `password`='" + admin.getPassword() + "'";
            rs = stat.executeQuery(sql);
            if (rs.next()) {
                return true;
            }
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            // the original never closed these; release them on every path
            JDBCUtils.closeResource(rs, stat, conn);
        }
        return false;
    }
}

3. Test:

① Start the project and, on the login page, enter a username and password that exist in the database.

② Login result: the servlet responds "Login Success!".

③ Enter a username that does not exist in the database and, as the password, enter: whatever' or 'a'='a

④ Login result: the servlet again responds "Login Success!". After concatenation the statement that reaches MySQL is

SELECT * FROM `admin` WHERE `username`='nobody' and `password`='whatever' or 'a'='a'

Because AND binds more tightly than OR, the WHERE clause is (username='nobody' AND password='whatever') OR 'a'='a', which is true for every row. rs.next() therefore finds a row and the login is accepted with no valid credentials at all.

4. Summary:

Through its input, a user can change the meaning of the SQL statement the program was designed to run.

II. Preventing SQL injection

1. Code change

***VertifyAuthority.java

package com.howie.vertify;

import com.howie.pojo.Admin;
import com.howie.utils.JDBCUtils;

import java.sql.*;

/**
 * @Author weihuanwen
 * @Date 2019/8/5 21:09
 * @Version 1.0
 */
public class VertifyAuthority {
    public boolean vertify(Admin admin) {
        Connection conn = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        try {
            conn = JDBCUtils.getConnection();
            // placeholders instead of concatenation: the SQL text is fixed here
            String sql = "SELECT * FROM `admin` WHERE `username`=? and `password`=?";
            // obtain a PreparedStatement for that fixed text
            ps = conn.prepareStatement(sql);
            // bind the first placeholder; the value is sent as data, never parsed as SQL
            ps.setString(1, admin.getUsername());
            // bind the second placeholder
            ps.setString(2, admin.getPassword());
            // run the query
            rs = ps.executeQuery();
            if (rs.next()) {
                return true;
            }
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            JDBCUtils.closeResource(rs, ps, conn);
        }
        return false;
    }
}

2. Test

① Enter a username that does not exist in the database and, as the password, enter: whatever' or 'a'='a

② Login result: the servlet responds "Login Failed!". The bound value is compared, quotes and all, against the password column as one literal string; no row has that password, so rs.next() returns false.

3. Summary:

A PreparedStatement fixes the SQL text before any user data is involved and passes the values separately as parameters. A parameter is only ever treated as a value: the quote and the or in whatever' or 'a'='a are still there, but they can no longer change the structure of the WHERE clause. It does not "filter keywords" out of the input, and it does not need to. (With MySQL Connector/J 5.1 the default is client-side preparation, where the driver escapes the bound values into the statement itself rather than the server binding them; the input stays a value either way.)

Two caveats a practitioner should keep in mind: placeholders can only carry values, not table names, column names or ORDER BY clauses, so any part of a statement that is still built by string concatenation remains injectable; and this example still stores and compares passwords in plain text, which a PreparedStatement does nothing about.
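The two checks above (the concatenated Statement from section I and the PreparedStatement from section II), as an added example that is not part of the original post. It is written in Python against an in-memory SQLite database so it runs offline without a MySQL server; the injection mechanics are the same as for MySQL over JDBC. The admin row is constructed sample data. Beyond the page's password payload, it also tries admin'-- in the username field, which comments out the password check and logs in as a chosen account (an assumption about what an attacker would try next, not something the page tests).

```python
# Added example (not code from the original post): the page's login check
# rebuilt in Python against an in-memory SQLite database so it runs offline.
# The admin row below is constructed sample data.
import sqlite3

# Constructed sample data in the shape of the page's `admin` table.
SAMPLE_ADMINS = [(1, "admin", "s3cret")]

# The page's bypass payload, entered in the password field.
PAYLOAD_PASSWORD = "whatever' or 'a'='a"
# Assumed second payload, entered in the username field: closes the string
# literal and comments out the rest of the WHERE clause (SQLite and MySQL
# both treat "-- " as a comment to end of line), so the password is never checked.
PAYLOAD_USERNAME = "admin'-- "


def make_db():
    """Create the admin table and load the constructed sample row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO admin VALUES (?, ?, ?)", SAMPLE_ADMINS)
    return conn


def build_vulnerable_sql(username, password):
    """What the Statement version does: splice the raw input into the SQL text."""
    return ("SELECT * FROM admin WHERE username='" + username
            + "' AND password='" + password + "'")


def verify_vulnerable(conn, username, password):
    """Equivalent of stat.executeQuery(sql) followed by rs.next()."""
    row = conn.execute(build_vulnerable_sql(username, password)).fetchone()
    return row is not None


def verify_prepared(conn, username, password):
    """Equivalent of the PreparedStatement version: the SQL text is fixed and the
    two values are bound to ? placeholders, so they are only ever compared as
    column values and cannot alter the statement's structure."""
    sql = "SELECT * FROM admin WHERE username=? AND password=?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row is not None


def demo():
    """Run the page's test cases plus the username payload.
    Returns a dict of outcomes (True = login accepted)."""
    conn = make_db()
    results = {
        # correct credentials are accepted by both implementations
        "valid_vulnerable": verify_vulnerable(conn, "admin", "s3cret"),
        "valid_prepared": verify_prepared(conn, "admin", "s3cret"),
        # unknown user + "whatever' or 'a'='a": AND binds tighter than OR, so the
        # WHERE clause is true for every row and the concatenated query accepts it
        "or_payload_vulnerable": verify_vulnerable(conn, "nobody", PAYLOAD_PASSWORD),
        "or_payload_prepared": verify_prepared(conn, "nobody", PAYLOAD_PASSWORD),
        # "admin'-- " as the username logs in as admin with any password
        "comment_payload_vulnerable": verify_vulnerable(conn, PAYLOAD_USERNAME, "x"),
        "comment_payload_prepared": verify_prepared(conn, PAYLOAD_USERNAME, "x"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    print(build_vulnerable_sql("nobody", PAYLOAD_PASSWORD))
    for name, accepted in demo().items():
        print(f"{name:28s} -> {'Login Success!' if accepted else 'Login Failed!'}")
```

Running it prints the spliced statement from section I and then one line per case: both payloads are accepted by the concatenated version and rejected by the parameterised one, while the genuine credentials pass in both. The point to take from verify_prepared is that nothing is escaped or filtered in application code; the driver carries the values outside the SQL text.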
