📜  在 JDBC 中运行 SQL 查询的一种不好的方法 - 无论代码示例

📅  最后修改于: 2022-03-11 14:59:54.938000             🧑  作者: Mango

代码示例1
// The user we want to find.
String email = "user@email.com";

// Connect to the database.
Connection conn = DriverManager.getConnection(URL, USER, PASS);
Statement stmt = conn.createStatement();

// Bad, bad news! Don't construct the query with string concatenation.
String sql = "SELECT * FROM users WHERE email = '" + email + "'";

// I have a bad feeling about this...
ResultSet results = stmt.executeQuery(sql);

while (results.next()) {
  // ...oh look, we got hacked.
}