SQL injection

1、 Normal landing ：

package com.hyc.study02;
import com.hyc.study02.utils.JDBCUtils;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class PourIntoSql {
    
    public static void main(String[] args) {
    
        login("zxzb", "123456");
    }

    public static void login(String username, String psw) {
    
        Connection connection = null;
        Statement statement = null;
        ResultSet resultSet = null;

        try {
    
            connection = JDBCUtils.getConnection();
            statement = connection.createStatement();
            String sql = "SELECT * FROM `users` WHERE `NAME`='" + username + "'AND `PASSWORD`='" + psw + "'";
            resultSet = statement.executeQuery(sql);
            while (resultSet.next()) {
    
                System.out.println(resultSet.getInt("id"));
                System.out.println(resultSet.getString("NAME"));
                System.out.println(resultSet.getString("PASSWORD"));
                System.out.println(resultSet.getString("email"));
                System.out.println(resultSet.getDate("birthday"));
                System.out.println("===========================================");
            }
        } catch (SQLException throwables) {
    
            throwables.printStackTrace();
        } finally {
    
            JDBCUtils.release(connection, statement, resultSet);
        }
    }
}

result ：

2、SQL Information leakage caused by injection ：

package com.hyc.study02;
import com.hyc.study02.utils.JDBCUtils;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class PourIntoSql {
    
    public static void main(String[] args) {
    
        login(" ' or '1=1", "' or '1=1");
    }

    public static void login(String username, String psw) {
    
        Connection connection = null;
        Statement statement = null;
        ResultSet resultSet = null;

        try {
    
            connection = JDBCUtils.getConnection();
            statement = connection.createStatement();
            String sql = "SELECT * FROM `users` WHERE `NAME`='" + username + "'AND `PASSWORD`='" + psw + "'";
            resultSet = statement.executeQuery(sql);
            while (resultSet.next()) {
    
                System.out.println(resultSet.getInt("id"));
                System.out.println(resultSet.getString("NAME"));
                System.out.println(resultSet.getString("PASSWORD"));
                System.out.println(resultSet.getString("email"));
                System.out.println(resultSet.getDate("birthday"));
                System.out.println("===========================================");
            }
        } catch (SQLException throwables) {
    
            throwables.printStackTrace();
        } finally {
    
            JDBCUtils.release(connection, statement, resultSet);
        }
    }
}

result ：

SQL The reason for injection is that when the background server receives relevant parameters, it does not directly bring them into the database for query without filtering .

adopt 1、2 From these two comparisons, we can see ,2 After string splicing in , Without filtering in the background, it is directly brought into the database for query, resulting in sql Inject .