SQL injection vulnerability process example and solution

Code example:

public class JDBCDemo3 {
  public static void demo3_1(){
    boolean flag = login("aaa' OR ' ","1651561"); //If the username is known, this method can be used to log in successfully without knowing the password if (flag) {
      System.out.println("Login successful");
    }else{
      System.out.println("Login failed");
    }

  }
  public static boolean login(String username,String password){
    Connection conn=null;
    Statement stat=null;
    ResultSet rs=null;
    boolean flag=false;
    try {
      conn = JDBCUtils.getConnection();
      String sql="SELECT * FROM user WHERE username='"+username+"'AND password='"+password+"'"; //This is the key to the SQL injection vulnerability. Because it is a string concatenation, the query statement will become: SELECT * FROM user WHERE username='aaa' OR '' AND password='1651561'. This query statement can get a result set, so this vulnerability occursstat=conn.createStatement();
      rs=stat.executeQuery(sql);
      if(rs.next()){
        flag=true;
      }else{
        flag=false;
      }
    } catch (SQLException e) {
      e.printStackTrace();
    }
    return flag;
  }

Solution, use PrepareStatment:

public static void demo3_1(){
    boolean flag=login1("aaa' OR ' ","1651561");
    if (flag){
      System.out.println("Login successful");
    }else{
      System.out.println("Login failed");
    }

  }
  public static boolean login1(String username,String password){
    Connection conn=null;
    PreparedStatement pstat=null;
    ResultSet rs=null;
    boolean flag=false;

    try {
      conn = JDBCUtils.getConnection();
      String sql="SELECT * FROM user WHERE username=? AND password=?"; //Use ? instead of parameter, pre-set sql format, even if you enter sql keywords, sql will not recognize it pstat=conn.prepareStatement(sql);
      pstat.setString(1,username); //Set the value of the question mark pstat.setString(2,password);
      rs=pstat.executeQuery();
      if(rs.next()){
        flag=true;
      }else{
        flag=false;
      }
    } catch (SQLException e) {
      e.printStackTrace();
    }
    return flag;
  }
}

Using the above solution, it is impossible to successfully log in the user through the SQL injection vulnerability.

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.

You may also be interested in:

The best solution to prevent SQL injection in PHP
Detailed explanation and solutions of common security issues in PHP development (such as SQL injection, CSRF, Xss, CC, etc.)
T-SQL: How to prevent SQL injection
Solution to batch injection of ASP+MSSQL2000 database
MySQL Proxy (Another way to solve injection)
Detailed explanation of alternative methods to solve SQL injection in MySQL
SQL injection principles and solution code examples
Solve SQL injection problems through ibatis
sqlserver database injection solution
SQL injection and how to solve it

<<: Vue implements file upload and download

>>: The problem and solution of using docker storage and causing Exit to cause files to fail to upload to the server