Java 在数据库中同时插入字符串类型变量和字节码类型变量
在以下代码中:Java 在数据库中同时插入字符串类型变量和字节码类型变量,java,mysql,sql,netbeans,Java,Mysql,Sql,Netbeans,在以下代码中: String username = jTextField1.getText(); String email = jTextField2.getText(); char[] s1 = jPasswordField1.getPassword(); char[] s2 = jPasswordField2.getPassword(); String password = new String(s1); String confirmpassword
String username = jTextField1.getText();
String email = jTextField2.getText();
char[] s1 = jPasswordField1.getPassword();
char[] s2 = jPasswordField2.getPassword();
String password = new String(s1);
String confirmpassword = new String(s2);
String address=jTextField6.getText();
String phone = jTextField3.getText();
String q1= jComboBox1.getSelectedItem().toString();
String a1=jTextField4.getText();
String q2= jComboBox2.getSelectedItem().toString();
String a2=jTextField5.getText();
String a3=a1+a2;
MainClass m1=new MainClass();
byte[] sig1 = m1.sign1(a3);
BigInteger sig2 = m1.sign2(a3);
if (password.equals(confirmpassword))
{
String sql="Insert into emp values('"+(username)+"','"+(email)+"','"+(password)+"','"+(address)+"','"+(phone)+"','"+(q1)+"','"+(a1)+"','"+(q2)+"','"+(a2)+"')";
stmt.executeUpdate(sql);
我想插入sig1而不是a1,插入sig2而不是a2SQL注入!请至少使用
PreparedStatement
s,或者更好,请详细说明你的回答,这根本不是一个答案;我刚才说你是SQL注入的主要受害者。。。
String sql="Insert into emp values('"+(username)+"','"+(email)+"','"+(password)+"','"+(address)+"','"+(phone)+"','"+(q1)+"','"+(a1)+"','"+(q2)+"','"+(a2)+"')";