```
@Override
public void addPerson(Person newPerson) {
    String sql = "insert into person values('" + newPerson.getUserAccount() + "','"
            + newPerson.getUserName() + "','" + newPerson.getUserSex() + "','"
            + newPerson.getUserBirthday() + "','" + newPerson.getUserIdCard() + "','"
            + newPerson.getUserPassword() + "'," + newPerson.getUserIdentify() + ",'"
            + newPerson.getUserOtherName() + "')";
    Deal.deal(sql);
}
```
Time: 2024-03-01 13:50:51 Views: 34
This code also has a SQL injection vulnerability; PreparedStatement should be used to avoid it. The correct code should be:
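```
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

// url, username and password are assumed to be connection settings defined elsewhere in this class.
@Override
public void addPerson(Person newPerson) {
    // The placeholders fix the statement's structure; the values are bound separately below.
    String sql = "INSERT INTO person VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
    // try-with-resources closes the statement and the connection even if the insert fails.
    try (Connection conn = DriverManager.getConnection(url, username, password);
         PreparedStatement ps = conn.prepareStatement(sql)) {
        ps.setString(1, newPerson.getUserAccount());
        ps.setString(2, newPerson.getUserName());
        ps.setString(3, newPerson.getUserSex());
        ps.setString(4, newPerson.getUserBirthday());
        ps.setString(5, newPerson.getUserIdCard());
        ps.setString(6, newPerson.getUserPassword());
        // userIdentify was concatenated without quotes in the original, so it is bound as an int.
        ps.setInt(7, newPerson.getUserIdentify());
        ps.setString(8, newPerson.getUserOtherName());
        ps.executeUpdate();
    } catch (SQLException e) {
        e.printStackTrace();
    }
}
```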
This prevents SQL injection attacks caused by users maliciously entering special characters.
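The difference between the two versions above, as an added example that is not part of the original answer: it inserts the same row once by string concatenation and once with bound parameters, then reads back what was stored. It uses Python's `sqlite3` with an in-memory table instead of the page's Java/JDBC so it runs without a database server; the column names, dict keys and sample values are constructed for illustration.

```python
import sqlite3

# Constructed schema: eight columns in the order addPerson fills them.
COLUMNS = ("user_account, user_name, user_sex, user_birthday, "
           "user_id_card, user_password, user_identify, user_other_name")
# Constructed sample row; other_name is replaced per test case.
SAMPLE = {"account": "u1", "name": "Alice", "sex": "F", "birthday": "1990-01-01",
          "id_card": "ID0001", "password": "pw", "identify": 1, "other_name": ""}

def add_person_concat(conn, p):
    # Same construction as the original addPerson: values pasted into the SQL text.
    sql = ("insert into person values('" + p["account"] + "','" + p["name"] + "','"
           + p["sex"] + "','" + p["birthday"] + "','" + p["id_card"] + "','"
           + p["password"] + "'," + str(p["identify"]) + ",'" + p["other_name"] + "')")
    conn.execute(sql)

def add_person_bound(conn, p):
    # Same idea as the PreparedStatement version: fixed SQL text, values bound separately.
    conn.execute("INSERT INTO person VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
                 (p["account"], p["name"], p["sex"], p["birthday"], p["id_card"],
                  p["password"], p["identify"], p["other_name"]))

def compare(other_name):
    """Return (concatenated, bound): what each variant stored for other_name."""
    person = dict(SAMPLE, other_name=other_name)
    results = []
    for insert in (add_person_concat, add_person_bound):
        conn = sqlite3.connect(":memory:")
        conn.execute(f"CREATE TABLE person ({COLUMNS})")
        try:
            insert(conn, person)
            row = conn.execute("SELECT user_other_name FROM person "
                               "WHERE user_account = ?", (person["account"],)).fetchone()
            results.append(row[0] if row else None)
        except sqlite3.Error as exc:
            results.append("error: " + type(exc).__name__)
        finally:
            conn.close()
    return tuple(results)

if __name__ == "__main__":
    # Plain value, a legitimate name with an apostrophe, and a value whose quote
    # characters get parsed as SQL (string concatenation) instead of stored as data.
    for value in ("Bob", "O'Brien", "a'||'b"):
        print(repr(value), "->", compare(value))
```

With concatenation, a quote in the input ends the string literal, so the rest of the value is parsed as SQL: the apostrophe breaks the statement and `a'||'b` is evaluated rather than stored. With bound parameters every value is stored exactly as supplied.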