java sql_java sql

import java.sql.Connection;

import java.sql.DriverManager;

import java.sql.PreparedStatement;

import java.sql.ResultSet;

import java.sql.SQLException;

import java.sql.Savepoint;

import java.sql.Statement;

import com.mysql.jdbc.Driver;

public class Sqltest {

private final static String DRIVER="com.mysql.jdbc.Driver";

private final static String URL = "jdbc:mysql://127.0.0.1:3306/signin";

private final static String USERNAME = "root";

private final static String PASSWORD = "21424019";

public static void main(String[] args) {

// TODO Auto-generated method stub

try {

Driver driver = (Driver)Class.forName(DRIVER).newInstance();

DriverManager.registerDriver(driver);

Connection con = DriverManager.getConnection(URL, USERNAME, PASSWORD);

con.setAutoCommit(false);

//String sql="select user_id from `test`.`new_table` where user_id=";

String sql="insert into test.new_table(user_id,password) values(?,?)";

String sql2=" and password=";

String user_id1="harry1",password1="123456";

String user_id2="'potter1' or '1'='1'--";

String password2="'23456790'";

StringBuffer sb=new StringBuffer();

sb.append(sql);

sb.append(user_id1);

sb.append(sql2);

sb.append(password1);

PreparedStatement preparestatement = con.prepareStatement(sql);

preparestatement.setString(1,user_id1);

preparestatement.setString(2, password1);

Savepoint svpt=con.setSavepoint();

int lines=preparestatement.executeUpdate();

if(lines>=1)

{

System.out.println(lines);

con.rollback();

//con.rollback(svpt);

}

con.commit();

con.releaseSavepoint(svpt);

} catch (InstantiationException e) {

// TODO Auto-generated catch block

e.printStackTrace();

} catch (IllegalAccessException e) {

// TODO Auto-generated catch block

e.printStackTrace();

} catch (ClassNotFoundException e) {

// TODO Auto-generated catch block

e.printStackTrace();

} catch (SQLException e) {

// TODO Auto-generated catch block

e.printStackTrace();

}

}

}