public class Demo2 {
public static void main(String[] args) {
try {
Class.forName("com.mysql.jdbc.Driver");
Connection conn=DriverManager.getConnection("jdbc:mysql://localhost:3306/test","root","dyl123");
//使用statement接口实现简单sql调用
Statement stmt=conn.createStatement();
String sql="insert into t_user(username,pwd,regTime) values (‘赵六‘,66666,now()) ";
//传入外界参数,需要拼字符串
String name="钱七";
String sql2="insert into t_user(username,pwd,regTime) values(‘"+name+"‘,6666,now())";
stmt.execute(sql);
stmt.execute(sql2);
//sql注入,传参的几种拼接方式,如果代码传参有问题,则数据库会被侵入
String id="4";
String sql3="delete from t_user where id=4";
String sql4="delete from t_user where id=‘"+id+"‘";
String sql5="delete from t_user where id="+id;
stmt.execute(sql4);
} catch (SQLException e) {
e.printStackTrace();
} catch (ClassNotFoundException e) {
e.printStackTrace();
}
}
}
原文地址:https://blog.51cto.com/14437184/2440756