MyBatis: Preventing SQL Injection Attacks
Author: Internet
1. What is a SQL injection attack
SQL injection is an attack in which the attacker exploits a flaw in how SQL statements are built to bypass the system's constraints and obtain data beyond their authorization.
2. The two ways MyBatis passes values
- ${}: text substitution; the value is spliced into the SQL text without any processing
- #{}: precompiled (prepared-statement) parameter binding; passing values this way prevents SQL injection
3. The problem with ${}
In the goods.xml mapper file:
<select id="selectByTitle" parameterType="java.util.Map" resultType="com.mybatis.entity.Goods">
    select * from t_goods where title =${title}
</select>
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.ibatis.session.SqlSession;
import org.junit.Test;
import com.mybatis.entity.Goods;
// MyBatisUtils is the post's own helper for opening and closing sessions (not shown).

@Test
public void testSelectByTitle() throws Exception {
    SqlSession session = null;
    try {
        session = MyBatisUtils.openSession();
        Map<String, Object> map = new HashMap<>();
        // Deliberately injected value: with ${} it is spliced straight into the SQL text
        map.put("title", "''or 1=1 or title ='100'");
        List<Goods> g = session.selectList("goods.selectByTitle", map);
        for (Goods f : g) {
            System.out.println(f.getTitle() + "\t" + f.getCurrentPrice());
        }
    } catch (Exception e) {
        throw e;
    } finally {
        MyBatisUtils.closeSession(session);
    }
}
The result is that every row is returned: the spliced statement becomes select * from t_goods where title =''or 1=1 or title ='100', and the or 1=1 condition is true for every row.
This is a SQL injection problem.
4. The #{} way
<select id="selectByTitle" parameterType="java.util.Map" resultType="com.mybatis.entity.Goods">
    select * from t_goods where title =#{title}
</select>
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.ibatis.session.SqlSession;
import org.junit.Test;
import com.mybatis.entity.Goods;
// MyBatisUtils is the post's own helper for opening and closing sessions (not shown).

@Test
public void testSelectByTitle() throws Exception {
    SqlSession session = null;
    try {
        session = MyBatisUtils.openSession();
        Map<String, Object> map = new HashMap<>();
        // Same injected value: with #{} it is bound as one parameter, never parsed as SQL
        map.put("title", "''or 1=1 or title ='100'");
        List<Goods> g = session.selectList("goods.selectByTitle", map);
        for (Goods f : g) {
            System.out.println(f.getTitle() + "\t" + f.getCurrentPrice());
        }
    } catch (Exception e) {
        throw e;
    } finally {
        MyBatisUtils.closeSession(session);
    }
}
The result is that no rows are returned: the whole string is bound as a single parameter value and compared literally against title, so no row matches.
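The rule in practice is "#{} for values, ${} only for identifiers, and then only from an allowlist". The mapper below is an added example, not code from the original post: it binds the title and a LIKE keyword with #{}, and guards the one case where ${} cannot be avoided (a sort column) behind a fixed set of column names. GoodsMapper, GoodsSortGuard, the column names and the use of the annotation-based mapper API are assumptions; Goods is the entity class the post already uses.

```java
import java.util.List;
import java.util.Set;
import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Select;
import com.mybatis.entity.Goods;

// Added example mapper (hypothetical name), not the post's goods.xml.
public interface GoodsMapper {

    // Value: bound as a JDBC parameter, so "''or 1=1 or title ='100'" is compared literally.
    @Select("select * from t_goods where title = #{title}")
    List<Goods> selectByTitle(@Param("title") String title);

    // LIKE search: build the pattern inside SQL with concat() and still bind the keyword.
    // Writing '%${keyword}%' here would reintroduce the splice from section 3.
    @Select("select * from t_goods where title like concat('%', #{keyword}, '%')")
    List<Goods> searchByTitle(@Param("keyword") String keyword);

    // Identifier: a column name cannot be a bound parameter, so ${} is unavoidable.
    // Callers must obtain both arguments from GoodsSortGuard, never from request input.
    @Select("select * from t_goods order by ${column} ${direction}")
    List<Goods> selectOrdered(@Param("column") String column,
                              @Param("direction") String direction);
}

// Allowlist for the only ${} placeholders in the mapper (hypothetical helper).
final class GoodsSortGuard {
    // Assumed column names of t_goods; the post never lists its schema.
    private static final Set<String> SORTABLE = Set.of("title", "current_price", "goods_id");
    private static final Set<String> DIRECTIONS = Set.of("asc", "desc");

    private GoodsSortGuard() {}

    // Rejects anything that is not one of our own literals; the return value is therefore
    // always a fixed identifier and can safely be spliced into the ORDER BY clause.
    static String column(String requested) {
        if (requested == null || !SORTABLE.contains(requested)) {
            throw new IllegalArgumentException("column is not sortable");
        }
        return requested;
    }

    static String direction(String requested) {
        String d = requested == null ? "asc" : requested.toLowerCase();
        if (!DIRECTIONS.contains(d)) {
            throw new IllegalArgumentException("direction must be asc or desc");
        }
        return d;
    }
}
```

A call such as mapper.selectOrdered(GoodsSortGuard.column(col), GoodsSortGuard.direction(dir)) throws on any value outside the allowlist instead of passing it to ${}.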
Source: https://blog.csdn.net/mercies/article/details/110739157