我目前正在学习Java中的多线程并遇到了一个有趣的问题.我有一个"loader"类,它读取一些CSV文件.
public class LoaderThread implements Runnable{
@Override
public void run(){
//do some fancy stuff
}
}
此外,我有一个SplashScreen,我想在加载数据时显示它.
import javax.swing.JLabel;
import javax.swing.JWindow;
import javax.swing.SwingConstants;
public class SplashScreen extends JWindow{
JWindow jwin = new JWindow();
public SplashScreen(){
jwin.getContentPane().add(new JLabel("Loading...please wait!",SwingConstants.CENTER));
jwin.setBounds(200, 200, 200, 100);
jwin.setLocationRelativeTo(null);
jwin.setVisible(true);
try {
Thread.sleep(3000);
} catch (InterruptedException e) {
Thread.currentThread().interrupt();
}
jwin.setVisible(false);
jwin.dispose();
}
}
当用户点击按钮时,代码从我的主类运行:
private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {
final Thread t = new Thread() {
@Override
public void run() {
LoaderThread myRunnable = new …我在日志中发现有人试图攻击我的页面.我有一些子页面,通过URL提交的ID从数据库中提取数据.喜欢page.php?id = 666我在日志中可以找到的是这些攻击:
page.php?id=../../../../../../../../../../etc/passwd
page.php?id=/proc/self/environ
page.php?id=-1%27
更重要的是,我的代码是否很弱?这次攻击可能成功吗?
$id = intval($_GET['id']);
$stmt = $con->prepare("SELECT *
FROM mytable AS myvar
WHERE myvar.ID =:ID");
$stmt->bindValue(':ID', $id, PDO::PARAM_INT);
$stmt->execute();
提前致谢!