Java·ÀÖ¹SQL×¢Èë

 SQL×¢ÈëÊÇ×î³£¼ûµÄ¹¥»÷·½Ê½Ö®Ò»,Ëü²»ÊÇÀûÓòÙ×÷ϵͳ»òÆäËüϵͳµÄ©¶´À´ÊµÏÖ¹¥»÷µÄ,¶øÊdzÌÐòÔ±ÒòΪûÓÐ×öºÃÅжÏ,±»²»·¨
Óû§×êÁËSQLµÄ¿Õ×Ó,ÏÂÃæÎÒÃÇÏÈÀ´¿´ÏÂʲôÊÇSQL×¢Èë:
          ±ÈÈçÔÚÒ»¸öµÇ½½çÃæ,ÒªÇóÓû§ÊäÈëÓû§ÃûºÍÃÜÂë:
          Óû§Ãû:       ' or 1=1 --  
          ÃÜ       Âë:  
          µãµÇ½,ÈçÈôûÓÐ×öÌØÊâ´¦Àí,¶øÖ»ÊÇÒ»Ìõ´øÌõ¼þµÄ²éѯÓï¾äÈç:
          String sql="select * from users where username='"+userName+"' and password='"+password+"' "
          ÄÇôÕâ¸ö·Ç·¨Óû§¾ÍºÜµÃÒâµÄµÇ½½øÈ¥ÁË.(µ±È»ÏÖÔÚµÄÓÐЩÓïÑÔµÄÊý¾Ý¿âAPIÒѾ­´¦ÀíÁËÕâЩÎÊÌâ)
          ÕâÊÇΪʲôÄØ?ÎÒÃÇÀ´¿´¿´ÕâÌõÓï¾ä,½«Óû§ÊäÈëµÄÊý¾ÝÌæ»»ºóµÃµ½ÕâÑùÒ»ÌõÓï¾ä:
          select * from users where username='' or 1=1 --' and password=''
          ΪÁ˸üÃ÷°×Щ£¬¿ÉÒÔ½«Æ临ÖƵ½SQL·ÖÎöÆ÷ÖУ¬½«»á·¢ÏÖ£¬ÕâÌõÓï¾ä»á½«Êý¾Ý¿âµÄÊý¾ÝÈ«²¿¶Á³öÀ´£¬ÎªÊ²Ã´ÄØ£¿
          ºÜ¼òµ¥,¿´µ½Ìõ¼þºóÃæ username='' or 1=1 Óû§ÃûµÈÓÚ '' »ò 1=1 ÄÇôÕâ¸öÌõ¼þÒ»¶¨»á³É¹¦£¬È»ºóºóÃæ¼ÓÁ½¸ö-£¬ÕâÒâζ×Å
ʲô£¿Ã»´í£¬×¢ÊÍ£¬Ëü½«ºóÃæµÄÓï¾ä×¢ÊÍ£¬ÈÃËûÃDz»Æð×÷Óã¬ÕâÑù¾Í¿ÉÒÔ˳ÀûµÄ°ÑÊý¾Ý¿âÖеÄÊý¾Ý¶ÁÈ¡³öÀ´ÁË¡£
          Õ⻹ÊDZȽÏÎÂÈáµÄ£¬Èç¹ûÊÇÖ´ÐÐ
          select * from users where username='' ;DROP Database      (DB Name) --' and password=''
          .......ÆäËûµÄÄú¿ÉÒÔ×Ô¼ºÏëÏ󡣡£¡£
          ÄÇôÎÒÃÇÔõôÀ´´¦ÀíÕâÖÖ