How to prevent SQL Injection in hibernate?


Problem description


I am developing an application using hibernate. When I try to create a Login page, the problem of SQL Injection arises. I have the following code:

import java.util.List;

import org.hibernate.SessionFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

@Component
@Transactional(propagation = Propagation.SUPPORTS)
public class LoginInfoDAOImpl implements LoginInfoDAO {

    @Autowired
    private SessionFactory sessionFactory;

    @Override
    public LoginInfo getLoginInfo(String userName, String password) {
        // Vulnerable: userName and password are concatenated straight into the HQL text,
        // so a value containing a single quote changes the query itself.
        List<LoginInfo> loginList = sessionFactory.getCurrentSession()
                .createQuery("from LoginInfo where userName='" + userName + "' and password='" + password + "'")
                .list();
        // list() never returns null; an empty result has to be checked, or get(0) throws.
        if (!loginList.isEmpty())
            return loginList.get(0);
        else
            return null;
    }
}

How will I prevent SQL Injection in this scenario? The create table syntax of the loginInfo table is as follows:

create table login_info
  (user_name varchar(16) not null primary key,
  pass_word varchar(16) not null); 

Solution

// Named parameter: the HQL text is fixed, and userName is bound as a value at
// execution time, so it can never be parsed as part of the query syntax.
Query q = sessionFactory.getCurrentSession().createQuery("from LoginInfo where userName = :name");
q.setParameter("name", userName);
List<LoginInfo> loginList = q.list();

You have other options too, see this nice article from mkyong.
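To make the difference between the two approaches concrete, here is an added example that is not part of the original question or answer. It uses Python's sqlite3 module instead of Hibernate/HQL, because the principle is the same at the SQL layer: the question's login_info table is created in an in-memory database with a few constructed rows, the question's string-concatenated query is run beside a query with named placeholders (sqlite3's ":name" binding plays the role of HQL's ":name" plus setParameter), and both are fed a valid login, two classic injection payloads, and a legitimate password containing a quote. The user names, passwords and payloads are all invented for the demonstration.

```python
import sqlite3

# Schema taken from the question; the rows are constructed sample data for this example.
SCHEMA = """
create table login_info
  (user_name varchar(16) not null primary key,
   pass_word varchar(16) not null);
"""
SAMPLE_ROWS = [("alice", "s3cret!"), ("bob", "hunter2"), ("carol", "it's-ok")]


def open_db():
    """Create an in-memory database with the question's table and sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("insert into login_info values (?, ?)", SAMPLE_ROWS)
    return conn


def login_concatenated(conn, user_name, password):
    """The pattern from the question: user input glued into the query text.

    Returns the sorted list of user names the query matched. A single quote in
    either argument becomes part of the SQL, so the caller's intent is lost.
    """
    sql = ("select user_name from login_info where user_name='" + user_name
           + "' and pass_word='" + password + "'")
    return sorted(row[0] for row in conn.execute(sql).fetchall())


def login_parameterized(conn, user_name, password):
    """The fix from the answer: fixed query text, values bound as named parameters.

    The driver sends the values separately from the statement, so a quote, a
    comment marker or an 'or 1=1' fragment is only ever compared as data.
    """
    sql = ("select user_name from login_info"
           " where user_name = :name and pass_word = :pw")
    rows = conn.execute(sql, {"name": user_name, "pw": password}).fetchall()
    return sorted(row[0] for row in rows)


def run_demo():
    """Run both query styles over the same inputs and collect (concatenated, parameterized) results."""
    conn = open_db()
    attempts = {
        "valid": ("alice", "s3cret!"),
        # password payload turns the WHERE clause into a tautology
        "tautology": ("alice", "' or '1'='1"),
        # user name payload closes the literal and comments out the password check
        "comment": ("alice' --", "wrong"),
        # a perfectly legitimate password that happens to contain a quote
        "quote_in_password": ("carol", "it's-ok"),
    }
    results = {}
    for label, (user_name, password) in attempts.items():
        try:
            concatenated = login_concatenated(conn, user_name, password)
        except sqlite3.OperationalError:
            # concatenation does not just enable injection, it also breaks on honest input
            concatenated = "SQL syntax error"
        results[label] = (concatenated, login_parameterized(conn, user_name, password))
    conn.close()
    return results


if __name__ == "__main__":
    for label, (concatenated, parameterized) in run_demo().items():
        print(f"{label:18} concatenated={concatenated!r:32} parameterized={parameterized!r}")
```

The tautology payload makes the concatenated query return every account and the comment payload logs in as alice without a password, while the parameterized query returns nothing for both; conversely, carol's real password causes a syntax error in the concatenated version and works with binding. Note that binding only fixes the injection: the question's schema still stores pass_word in clear text, which parameterization does nothing about.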
