A simple example of a SQL injection
HttpServletRequest request = ...;
String userName = request.getParameter("name");
Connection con = ...
String query = "SELECT * FROM Users " +
" WHERE name = ’" + userName + "’";
con.execute(query);
[解决办法]
???
[解决办法]
exec store proc
[解决办法]
该回复于2010-07-28 11:02:07被版主删除
[解决办法]
java ,用 PreparedStatement 这个对象
[解决办法]
不要这样写,最容易被攻击。