A simple example of a SQL injection
HttpServletRequest request = ...;
String userName = request.getParameter("name"); // untrusted value straight from the client
Connection con = ...;
// The untrusted value is spliced into the SQL text, so a quote character inside
// "name" closes the string literal and the rest of the value is parsed as SQL.
String query = "SELECT * FROM Users " +
" WHERE name = '" + userName + "'";
con.createStatement().executeQuery(query);
------Solution--------------------???
------Solution--------------------exec store proc
------Solution--------------------
This reply was deleted by a moderator on 2010-07-28 11:02:07
------Solution--------------------In Java, use the PreparedStatement object
------Solution--------------------Don't write it like that; it is the easiest to attack.
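To show concretely why the concatenated query in the question is unsafe and what the PreparedStatement reply buys you, here is an added example (not from the thread or any of its posters) written in Python against an in-memory SQLite database, since that runs offline. `lookup_unsafe` builds the query exactly the way the Java snippet does; `lookup_safe` uses a `?` placeholder with the value passed separately, which is the same mechanism as `PreparedStatement.setString`. The table contents and the probe value are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data, not from the thread: a tiny Users table.
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db():
    """Create an in-memory database with the sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Users (name TEXT, email TEXT)")
    con.executemany("INSERT INTO Users VALUES (?, ?)", SAMPLE_USERS)
    con.commit()
    return con


def lookup_unsafe(con, user_name):
    """Mirrors the thread's Java snippet: the untrusted value is spliced
    into the SQL text, so quote characters in it change the query."""
    query = "SELECT * FROM Users WHERE name = '" + user_name + "'"
    return con.execute(query).fetchall()


def lookup_safe(con, user_name):
    """Parameterized query, the equivalent of a Java PreparedStatement with
    setString(1, userName): the driver sends the value separately from the
    SQL text, so it is compared as data and never parsed as SQL."""
    query = "SELECT * FROM Users WHERE name = ?"
    return con.execute(query, (user_name,)).fetchall()


def demo():
    """Run both lookups with a normal name and with a probe value that
    contains a quote, and return the four result sets for comparison."""
    con = make_db()
    probe = "nobody' OR '1'='1"  # constructed test input containing a quote
    return {
        "unsafe_normal": lookup_unsafe(con, "alice"),  # one row, as intended
        "unsafe_probe": lookup_unsafe(con, probe),     # every row: the WHERE clause was rewritten
        "safe_normal": lookup_safe(con, "alice"),      # one row
        "safe_probe": lookup_safe(con, probe),         # no rows: no user has that literal name
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The probe value is only a regression check for the parameterized version: a correct fix returns nothing for it, because no stored name equals that string. Note that the `?` placeholder can only stand for a value; table and column names still cannot be parameterized and must come from a fixed allow-list if they ever depend on input.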