SQL injection of web security

SQL Injection Vulnerability

The SQL injection attack is a security risk caused by the imperfect invocation scheme of SQL statement. Once the application is in the presence of a SQL injection vulnerability, it can have an impact:
-The contents of the database are stolen by the outside world
-Database contents have been tampered with
-Login authentication is bypassed
-Other, such as files on the server being read or modified, programs on the server are
The root cause of the SQL injection vulnerability is that the string part that is specified as a parameter is excluded from the literal, causing the SQL statement to change.

Preventive measures
Use placeholders to stitch SQL statements.
Placeholders are divided into static placeholders and dynamic placeholders according to the implementation method. In theory, static placeholders can completely snack on the possibility of a SQL injection vulnerability, using static placeholders as much as possible.

Java+mysql Secure Connection mode
Java connects the database to MySQL using the JDBC-driven mysqlconnector/j. This combination uses the dynamic placeholder by default, so modify the following code to use a static placeholder for the bit.

Connection conn = DriverManager.getConnection("jdbc:mysql://localhost/dbname?user=xxx&password=xxx&userServerPrepStmts=true&useUnicode=true&characterEncoding=utf-8")

SQL injection of web security