网站地图    收藏   

主页 > 后端 > 网站安全 >

jdbc防止sql注入-PreparedStatement - 网站安全 - 自学

来源:自学PHP网    时间:2015-04-17 13:02 作者: 阅读:

[导读] public List getUserByName(String name,String password){ ResultSet rs = null; PreparedStatement stat = null; Connection conn = null; List list = new ArrayList(); try { conn ......

public List getUserByName(String name,String password){
        ResultSet rs = null;
        PreparedStatement stat = null;
        Connection conn = null;
        List list = new ArrayList();
        try {
            conn = createConnection();
            
            String sql = "select name,password from manager where  name=? and password=?";
            stat = conn.prepareStatement(sql);
            stat.setString(1, name);
            stat.setString(2, password);
            rs = stat.executeQuery(sql);
            while (rs.next()) {
                System.out.println(rs.getString(1));
                String []user = new String[2];
                user[0] = rs.getString(1);
                user[1] = rs.getString(2);
                list.add(user);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeAll(rs, stat, conn);
        }
        return list;
    }

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论