
Untitled

a guest
Oct 6th, 2018
  1. package sql_connection;
  2.  
  3. import java.sql.Connection;
  4. import java.sql.DriverManager;
  5. import java.sql.PreparedStatement;
  6. import java.sql.ResultSet;
  7. import java.sql.SQLException;
  8. import java.sql.Statement;
  9.  
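  /**
   * Small JDBC demo that checks a user name / password pair against an in-memory H2 table
   * using bound parameters, so caller-supplied text is never spliced into the SQL string.
   *
   * <p>Each helper opens and closes its own connection. The {@code DB_CLOSE_DELAY=-1} URL option
   * keeps the in-memory database alive between those connections.
   *
   * <p>Demo only: the password is stored and compared in clear text. A real credential store
   * keeps a salted, slow password hash (bcrypt, scrypt, Argon2 or PBKDF2) and verifies against it.
   */
  public class SQLExample {

      private static final String DB_DRIVER = "org.h2.Driver";
      // In-memory database named "secure"; nothing is written to disk.
      private static final String DB_CONNECTION = "jdbc:h2:mem:secure;DB_CLOSE_DELAY=-1";
      // Empty credentials are acceptable only because this database lives inside the demo process.
      private static final String DB_USER = "";
      private static final String DB_PASSWORD = "";

      private static final String TEST_USER = "HelloSecure";
      private static final String TEST_PASS = "1234";

      /**
       * Loads the H2 driver class and opens a new connection to the demo database.
       *
       * <p>Connections returned by {@link DriverManager} start in auto-commit mode, so callers
       * do not need an explicit {@code commit()}.
       *
       * @return a new connection that the caller must close
       * @throws ClassNotFoundException if the H2 driver is not on the classpath
       * @throws SQLException if the connection cannot be opened
       */
      private Connection getDBConnection() throws ClassNotFoundException, SQLException {
          Class.forName(DB_DRIVER);
          return DriverManager.getConnection(DB_CONNECTION, DB_USER, DB_PASSWORD);
      }

      /**
       * Creates the {@code USER} table that holds the demo credentials.
       *
       * @throws SQLException if the DDL statement fails
       * @throws ClassNotFoundException if the H2 driver is not on the classpath
       */
      private void createTable() throws SQLException, ClassNotFoundException {
          // NOTE(review): USER is a reserved word in newer H2 releases (2.x). If this DDL is
          // rejected there, quote or rename the identifier. Confirm against the H2 version in use.
          // try-with-resources closes the statement and connection even when execute() throws.
          try (Connection conn = getDBConnection();
               Statement stmt = conn.createStatement()) {
              stmt.execute("CREATE TABLE USER(userName varchar(255), password varchar(255))");
          }
      }

      /**
       * Inserts the built-in test account.
       *
       * <p>The values are compile-time constants, but they are still bound as parameters so that
       * every statement in the class follows the same pattern and nobody copies a
       * string-concatenated query into a code path that handles user input.
       *
       * @throws ClassNotFoundException if the H2 driver is not on the classpath
       * @throws SQLException if the insert fails
       */
      private void addUser() throws ClassNotFoundException, SQLException {
          String insertSql = "INSERT INTO USER(userName, password) VALUES (?, ?)";
          try (Connection conn = getDBConnection();
               PreparedStatement stmt = conn.prepareStatement(insertSql)) {
              stmt.setString(1, TEST_USER);
              stmt.setString(2, TEST_PASS);
              stmt.executeUpdate();
          }
      }

      /**
       * Reports whether a row exists whose user name and password both equal the given values.
       *
       * <p>Both arguments are passed with {@code setString}, so quotes or SQL keywords inside
       * them are compared as literal data and cannot change the shape of the query.
       *
       * @param userName user name to look up
       * @param pass password to compare (clear text in this demo)
       * @return {@code true} if at least one matching row exists
       * @throws ClassNotFoundException if the H2 driver is not on the classpath
       * @throws SQLException if the query fails
       */
      private boolean isValidUser(String userName, String pass) throws ClassNotFoundException, SQLException {
          String sqlString = "SELECT * FROM USER WHERE userName=? AND password=?";
          try (Connection conn = getDBConnection();
               PreparedStatement stmt = conn.prepareStatement(sqlString)) {
              stmt.setString(1, userName);
              stmt.setString(2, pass);
              // The result set is closed before the statement and connection, in reverse order.
              try (ResultSet rs = stmt.executeQuery()) {
                  return rs.next();
              }
          }
      }

      /**
       * Creates the table, adds the test account and prints the result of three login checks:
       * the correct password, a wrong password, and a user name carrying a quote-and-OR payload.
       *
       * @param args unused
       * @throws ClassNotFoundException if the H2 driver is not on the classpath
       * @throws SQLException if any database operation fails
       */
      public static void main(String[] args) throws ClassNotFoundException, SQLException {
          SQLExample example = new SQLExample();
          example.createTable();
          example.addUser();
          System.out.println("Is valid user HelloSecure/1234? " + example.isValidUser("HelloSecure", "1234"));
          System.out.println("Is valid user HelloSecure/7890? " + example.isValidUser("HelloSecure", "7890"));
          // The whole string is bound as the userName value, so the OR clause never reaches the
          // SQL parser. No row has that user name, and the check is expected to print false.
          System.out.println("Is valid user HelloSecure' OR '1'='1/7890? " + example.isValidUser("HelloSecure' OR '1'='1", "7890"));
      }
  }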