我正在使用hibernate开发一个应用程序.当我尝试创建一个登录页面时,出现了Sql Injection的问题.我有以下代码:
@Component
@Transactional(propagation = Propagation.SUPPORTS)
public class LoginInfoDAOImpl implements LoginInfoDAO{
@Autowired
private SessionFactory sessionFactory;
@Override
public LoginInfo getLoginInfo(String userName,String password){
List<LoginInfo> loginList = sessionFactory.getCurrentSession().createQuery("from LoginInfo where userName='"+userName+"' and password='"+password+"'").list();
if(loginList!=null )
return loginList.get(0);
else return null;
}
}
在这种情况下如何防止Sql注入?loginInfo表的create table语法如下:
create table login_info
(user_name varchar(16) not null primary key,
pass_word varchar(16) not null);
关于@RequestMapping和@RequestBody实际上是如何做的,我有一些疑问.我有一个如下代码:
@Controller
public class CoreController {
@Autowired
LoggerExtension log;
@Autowired
DoService doService;
@RequestMapping(value="/method.do")
public @ResponseBody String getActionResponse(HttpServletRequest request,HttpServletResponse response){
String action = request.getParameter("action");
String gender = request.getParameter("gender");
String language = request.getParameter("language");
if("getLanguage".equalsIgnoreCase(action)){
returnResponse = doService.getUserLanguage(msisdn);
}
}
return returnResponse;
}
我想知道上面的代码是如何工作的?请帮我清除这个概念......