Using the Statement interface (SQL injection risk)

Source: Internet
Author: User

Implements a simple login function

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class JdbcFindAll {
    private static final String jdbcName = "com.mysql.jdbc.Driver";
    private static final String url = "jdbc:mysql://127.0.0.1:3306/emp_dept";
    private static final String user = "root";
    private static final String password = "123456";

    /*
     * One class (DriverManager) and four interfaces
     * (Connection, PreparedStatement, ResultSet, Statement)
     */
    public static void main(String[] args) {
        Connection conn = null;
        try {
            Class.forName(jdbcName);
            conn = DriverManager.getConnection(url, user, password);

            // Login action: in a real application these two values come from the user
            String usr = "Aaawfwfwfwfw ' or 1 #";
            String pwd = "334343343434";

            // SQL injection risk: the inputs are concatenated straight into the query text
            String sql = "select id,usr,pwd from user where usr='" + usr + "' and pwd='" + pwd + "'";
            Statement st = conn.createStatement();
            ResultSet rs = st.executeQuery(sql);

            if (rs.next()) {
                System.out.println("Login successful! Go to the main page!");
            } else {
                System.out.println("User name or password is wrong! Login failed!");
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                // guard against a NullPointerException if getConnection() threw
                if (conn != null) {
                    conn.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
}
```

The SQL injection risk is in the line that builds `sql`: the values of `usr` and `pwd` are concatenated straight into the query text, so anything the user types is parsed by MySQL as part of the statement.

With the values in the code above, the SQL statement sent to the server is:

    select id,usr,pwd from user where usr='Aaawfwfwfwfw ' or 1 #' and pwd='334343343434'

In MySQL, `#` starts a comment that runs to the end of the line, so the `and pwd='334343343434'` condition is discarded, and `or 1` is always true. The WHERE clause therefore matches every row of the `user` table.

Query results: (the query returns all rows of the table)

Because the result set is not empty, `rs.next()` returns true and the program prints "Login successful" even though the caller knows neither a valid user name nor a password. Do not build SQL with the Statement interface and string concatenation; use the PreparedStatement interface instead, which sends the query text and the parameter values to the server separately, so user input is never interpreted as SQL.
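The following is an added example, not code from the original post. It reproduces the login check above in Python against an in-memory SQLite database (standing in for the page's MySQL `emp_dept` database; the `user` table rows are constructed sample data) and runs the same payload through both the concatenated query and a parameterized one, which is what JDBC's PreparedStatement does. SQLite's line comment is `--` rather than MySQL's `#`, so the payload is adapted accordingly; the function and table names are this example's own.

```python
import sqlite3

# Constructed sample rows standing in for the page's user(id, usr, pwd) table.
SAMPLE_USERS = [
    (1, "alice", "s3cret"),
    (2, "bob", "hunter2"),
    (3, "carol", "letmein"),
]

# The page's payload, with SQLite's "--" line comment in place of MySQL's "#".
INJECTION_USR = "Aaawfwfwfwfw' or 1 --"
INJECTION_PWD = "334343343434"


def make_db():
    """Create an in-memory SQLite database holding the sample user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, usr TEXT, pwd TEXT)")
    conn.executemany("INSERT INTO user VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def build_vulnerable_sql(usr, pwd):
    """Same string concatenation as the page's Statement-based code."""
    return "select id,usr,pwd from user where usr='" + usr + "' and pwd='" + pwd + "'"


def login_vulnerable(conn, usr, pwd):
    """Statement-style login: the query text is built from raw input.

    Returns the matched rows; a non-empty list means 'login successful'.
    With the injection payload the WHERE clause becomes
    usr='Aaawfwfwfwfw' or 1 -- ... which matches every row.
    """
    return conn.execute(build_vulnerable_sql(usr, pwd)).fetchall()


def login_safe(conn, usr, pwd):
    """PreparedStatement-style login: fixed query text, inputs bound as parameters.

    The driver sends usr and pwd as values, never as SQL, so the quote and
    comment characters in the payload are just part of a (non-matching) string.
    """
    sql = "select id,usr,pwd from user where usr=? and pwd=?"
    return conn.execute(sql, (usr, pwd)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print("SQL actually executed by the vulnerable path:")
    print("  " + build_vulnerable_sql(INJECTION_USR, INJECTION_PWD))
    print("vulnerable, payload  :", login_vulnerable(conn, INJECTION_USR, INJECTION_PWD))
    print("safe, payload        :", login_safe(conn, INJECTION_USR, INJECTION_PWD))
    print("safe, real credentials:", login_safe(conn, "alice", "s3cret"))
```

Running the script shows the vulnerable path returning all three sample rows for the payload, while the parameterized path returns nothing for it and still authenticates a genuine user. The JDBC equivalent is `conn.prepareStatement("select id,usr,pwd from user where usr=? and pwd=?")` followed by `setString(1, usr)` and `setString(2, pwd)`.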
