控制台报错
来源:5-2 JDBC的SQL注入漏洞的解决
weixin_慕瓜9083905
2020-01-31 15:52:57
package com.imooc.jdbc.demo2;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;
import org.junit.Test;
import com.imooc.jdbc.utils.JDBCUtils;
import com.mysql.jdbc.PreparedStatement;
/**
* 演示JDBC的注入的漏洞
* @author Administrator
*
*/
public class JDBCDemo4 {
@Test
/**
* 测试SQL注入漏洞的方法
* @param username
* @param password
* @return
*/
public void demo1() {
boolean flag = JDBCDemo4.login2("aaa", "111");
if(flag == true) {
System.out.println("登陆成功");
}else {
System.out.println("登陆失败");
}
}
/**
* 避免SQL注入漏洞的方法
*/
public static boolean login2(String username,String password) {
Connection conn = null;
PreparedStatement pstmt = null;
ResultSet rs = null;
boolean flag = false;
try {
// 获得连接
conn = JDBCUtils.getConnection();
// 编写SQl:
String sql = "select * from user where username=? and password=?";
// 预处理SQL
pstmt = (PreparedStatement) conn.prepareStatement(sql);
// 设置具体参数
pstmt.setString(1, username);
pstmt.setString(2, password);
// 执行SQL
rs = pstmt.executeQuery();
//判断结果集
if(rs.next()) {
flag = true;
}else {
flag = false;
}
}catch(Exception e) {
e.printStackTrace();
}finally {
JDBCUtils.release(rs, pstmt, conn);
}
return flag;
}
/**
* 产生SQL注入漏洞的方法
* @param username
* @param password
* @return
*/
public static boolean login(String username,String password) {
Connection conn = null;
Statement stmt = null;
ResultSet rs = null;
boolean flag = false;
try {
conn = JDBCUtils.getConnection();
//创建执行sql语句的对象
stmt = conn.createStatement();
//编写sql:
String sql = "select * from where username = '"+username+"' and password='"+password+"' ";
rs = stmt.executeQuery(sql);
//判断结果集是否有数据
if(rs.next()) {
flag = true;
}else {
flag = false;
}
}catch(Exception e) {
e.printStackTrace();
}finally {
JDBCUtils.release(rs, stmt, conn);
}
return flag;
}
}
java.sql.SQLException: Access denied for user 'root@localhost'@'localhost' (using password: YES)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1055)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:956)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3515)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3447)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:911)
at com.mysql.jdbc.MysqlIO.secureAuth411(MysqlIO.java:3953)
at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1276)
at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2048)
at com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:723)
at com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:46)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:302)
at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:282)
at java.sql.DriverManager.getConnection(Unknown Source)
at java.sql.DriverManager.getConnection(Unknown Source)
at com.imooc.jdbc.utils.JDBCUtils.getConnection(JDBCUtils.java:55)
at com.imooc.jdbc.demo2.JDBCDemo4.login2(JDBCDemo4.java:43)
at com.imooc.jdbc.demo2.JDBCDemo4.demo1(JDBCDemo4.java:26)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at org.junit.runner.JUnitCore.run(JUnitCore.java:115)
at org.junit.vintage.engine.execution.RunnerExecutor.execute(RunnerExecutor.java:40)
at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(Unknown Source)
at java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)
at java.util.Iterator.forEachRemaining(Unknown Source)
at java.util.Spliterators$IteratorSpliterator.forEachRemaining(Unknown Source)
at java.util.stream.AbstractPipeline.copyInto(Unknown Source)
at java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(Unknown Source)
at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(Unknown Source)
at java.util.stream.AbstractPipeline.evaluate(Unknown Source)
at java.util.stream.ReferencePipeline.forEach(Unknown Source)
at org.junit.vintage.engine.VintageTestEngine.executeAllChildren(VintageTestEngine.java:80)
at org.junit.vintage.engine.VintageTestEngine.execute(VintageTestEngine.java:71)
at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:229)
at org.junit.platform.launcher.core.DefaultLauncher.lambda$execute$6(DefaultLauncher.java:197)
at org.junit.platform.launcher.core.DefaultLauncher.withInterceptedStreams(DefaultLauncher.java:211)
at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:191)
at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:137)
at org.eclipse.jdt.internal.junit5.runner.JUnit5TestReference.run(JUnit5TestReference.java:89)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:41)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:541)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:763)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:463)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:209)
登陆失败
而且
// 预处理SQL
pstmt = (PreparedStatement) conn.prepareStatement(sql);
预处理为什么会要求我强制类型转换 有什么影响吗
1回答
-
好帮手慕酷酷
2020-02-01
同学你好,
1、老师测试同学的代码是没有问题,这里根据报错信息,表示同学数据连接失败,具体如下:
建议同学检查一下jdbc.properties文件用户名、密码编写的是否正确。注意等号前后不要有空格。
例如老师的链接数据库配置文件:
2、同学这里预处理需要强制转换,应该是同学导入的PreparedStatement类的包导入错误了。这里应该导入java.sql包下的PreparedStatement。具体如下:
如果我的回答解决了你的疑惑,请采纳!祝学习愉快!
0
