How JDBC precompilation is implemented

There are two ways JDBC precompilation can work:

The first way: the JDBC driver implements precompilation itself. In practice this means it escapes special characters to prevent SQL injection; see the PreparedStatement source code for the details.

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

public class ClientPrepareDemo {

    public static void main(String[] args) {
        try {
            final String driverClassName = "com.mysql.jdbc.Driver";
            // Key point: look at this URL
            final String url = "jdbc:mysql://10.6.9.14:3306/SBLOG";
            final String username = "sdl";
            final String password = "sdl";

            // Load the driver before opening the connection
            Class.forName(driverClassName);
            Connection connection = DriverManager.getConnection(url, username, password);

            String sql = " SELECT *\n" +
                    " FROM t_web\n" +
                    " WHERE id = ? and name like ?";

            PreparedStatement preparedStatement = connection.prepareStatement(sql);
            preparedStatement.setInt(1, 1);
            preparedStatement.setString(2, "%ing%");

            ResultSet rst = preparedStatement.executeQuery();
            if (rst.next()) {
                System.out.println(rst.getString(2));
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

Here is a Wireshark screenshot of the call to MySQL. You can see that what is actually sent is the complete SQL statement, with the parameters already spliced in.

The second way: use MySQL's own server-side precompilation.

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

public class ServerPrepareDemo {

    public static void main(String[] args) {
        try {
            final String driverClassName = "com.mysql.jdbc.Driver";
            // Key point: useServerPrepStmts=true has been added to the URL
            final String url2 = "jdbc:mysql://10.6.8.4:3306/SBLOG?useServerPrepStmts=true";
            final String username = "sdl";
            final String password = "sdl";

            // Load the driver before opening the connection
            Class.forName(driverClassName);
            Connection connection = DriverManager.getConnection(url2, username, password);

            String sql = " SELECT *\n" +
                    " FROM t_web\n" +
                    " WHERE id = ? and name like ?";

            PreparedStatement preparedStatement = connection.prepareStatement(sql);
            preparedStatement.setInt(1, 1);
            preparedStatement.setString(2, "%ing%");

            ResultSet rst = preparedStatement.executeQuery();
            if (rst.next()) {
                System.out.println(rst.getString(2));
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

Here is a Wireshark screenshot of the call to MySQL. You can see that the parameters are actually sent as ? placeholders.
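The difference the two captures show can also be checked in code. The following Python is an added example, not part of the original post: it reads the client-to-server bytes of a MySQL connection and reports whether statements travel as COM_QUERY text (driver-side precompilation) or as COM_STMT_PREPARE / COM_STMT_EXECUTE (server-side). The sample captures are constructed, the names frame, parse_commands and audit are hypothetical, and the stream is assumed to be unencrypted, uncompressed command-phase traffic with the classic COM_QUERY layout.

```python
import struct

# First payload byte of a MySQL client command packet.
COM_QUERY, COM_STMT_PREPARE, COM_STMT_EXECUTE = 0x03, 0x16, 0x17

def frame(payload: bytes, seq: int = 0) -> bytes:
    """MySQL packet = 3-byte little-endian payload length + sequence id + payload."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

def parse_commands(stream: bytes):
    """Yield (command, body) per packet; stops at a truncated packet."""
    pos = 0
    while pos + 4 <= len(stream):
        length = int.from_bytes(stream[pos:pos + 3], "little")
        payload = stream[pos + 4:pos + 4 + length]
        if length == 0 or len(payload) < length:
            return
        yield payload[0], payload[1:]
        pos += 4 + length

def audit(stream: bytes) -> dict:
    """Report which precompilation mode the captured client traffic shows."""
    report = {"mode": "unknown", "text_queries": [], "prepared": [], "executes": []}
    for cmd, body in parse_commands(stream):
        if cmd == COM_QUERY:            # complete SQL text, values already inlined
            report["text_queries"].append(body.decode("utf-8", "replace"))
        elif cmd == COM_STMT_PREPARE:   # SQL template that still holds ? placeholders
            report["prepared"].append(body.decode("utf-8", "replace"))
        elif cmd == COM_STMT_EXECUTE and len(body) >= 4:
            # body starts with the statement id; binary parameter values follow
            report["executes"].append(int.from_bytes(body[:4], "little"))
    if report["prepared"]:
        report["mode"] = "server-side"
    elif report["text_queries"]:
        report["mode"] = "client-side"
    return report

# Constructed sample captures (not taken from the page's Wireshark screenshots).
CLIENT_SIDE = frame(bytes([COM_QUERY]) +
                    b"SELECT * FROM t_web WHERE id = 1 and name like '%ing%'")
EXECUTE_BODY = (struct.pack("<IBI", 1, 0, 1)     # statement id 1, flags 0, iteration count 1
                + b"\x00\x01"                    # NULL bitmap, new-params-bound flag
                + b"\x03\x00\xfd\x00"            # parameter types: LONG, VAR_STRING
                + struct.pack("<i", 1) + b"\x05%ing%")   # values: 1 and "%ing%"
SERVER_SIDE = (frame(bytes([COM_STMT_PREPARE]) +
                     b"SELECT * FROM t_web WHERE id = ? and name like ?")
               + frame(bytes([COM_STMT_EXECUTE]) + EXECUTE_BODY))

if __name__ == "__main__":
    for name, capture in (("no useServerPrepStmts", CLIENT_SIDE),
                          ("useServerPrepStmts=true", SERVER_SIDE)):
        print(name, "->", audit(capture))
```

A connection in server-side mode can still carry some COM_QUERY packets, so the mode is reported as server-side as soon as one COM_STMT_PREPARE is seen.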

 

 

 


Frameworks such as MyBatis behave the same way. What matters is how your JDBC URL is configured; the framework makes no difference.




Origin www.cnblogs.com/SEC-fsq/p/11465780.html