select code_produit from produit where code_produit=toto
Si toto vaut "0; DROP TABLE produit;", ça fait :
select code_produit from produit where code_produit=0; DROP TABLE produit;
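import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.regex.Pattern;

/**
 * Minimal JDBC access layer for the product table.
 *
 * <p>The looked-up value is always bound through {@link PreparedStatement#setInt}, so it never
 * becomes part of the SQL text. Table and column names cannot be bound as parameters; they come
 * only from the private constants below and are additionally checked by
 * {@link #requireIdentifier(String)} before being spliced into a query.
 */
public class DatabaseAccess {
    private static final String DB_DRIVER = "com.microsoft.sqlserver.jdbc.SQLServerDriver";
    private static final String DB_HOST = "localhost:1433";
    private static final String DB_NAME = "BDD_gestion";
    // Credentials are kept in source here (and for the sa account); they belong in configuration
    // supplied at deployment time, not in a compiled class.
    private static final String DB_USER = "sa";
    private static final String DB_PASS = "java";
    // The user name and password are deliberately NOT part of the URL: they are handed to
    // DriverManager separately, so the URL can appear in an exception or a log without them.
    private static final String DB_URL =
            "jdbc:sqlserver://" + DB_HOST + ";" + "databaseName=" + DB_NAME + ";";
    private static final String TABLE_PRODUCT = "PRODUIT";
    private static final String COLUMN_CODE = "CODE_PRODUIT";
    // Plain SQL identifier: a letter or underscore followed by letters, digits or underscores.
    private static final Pattern IDENTIFIER = Pattern.compile("[A-Za-z_][A-Za-z0-9_]*");

    /**
     * Loads the JDBC driver class.
     *
     * @throws IllegalStateException if the driver is not on the classpath
     */
    public static void initDriver() {
        try {
            Class.forName(DB_DRIVER);
        } catch (ClassNotFoundException e) {
            throw new IllegalStateException("Driver not loaded", e);
        }
    }

    /** Opens a new connection with the configured URL and credentials. */
    private static Connection getConnection() throws SQLException {
        return DriverManager.getConnection(DB_URL, DB_USER, DB_PASS);
    }

    /**
     * Returns {@code name} unchanged if it is a plain SQL identifier.
     *
     * @throws IllegalArgumentException if {@code name} is null or contains anything other than
     *     letters, digits and underscores (identifiers cannot be bound as parameters, so this is
     *     the only guard between them and the SQL text)
     */
    static String requireIdentifier(String name) {
        if (name == null || !IDENTIFIER.matcher(name).matches()) {
            throw new IllegalArgumentException("Invalid SQL identifier: " + name);
        }
        return name;
    }

    /**
     * Builds the single-row existence query for {@code column} in {@code table}; the value is
     * left as a {@code ?} placeholder to be bound by the caller.
     *
     * @throws IllegalArgumentException if either identifier fails {@link #requireIdentifier}
     */
    static String buildExistsQuery(String table, String column) {
        String safeColumn = requireIdentifier(column);
        String safeTable = requireIdentifier(table);
        return "SELECT TOP 1 " + safeColumn + " FROM " + safeTable + " WHERE " + safeColumn + "=?";
    }

    /**
     * Tells whether a row of {@code table} has {@code column} equal to {@code value}.
     *
     * @throws SQLException on any JDBC failure
     */
    private static boolean checkIfExist(String table, String column, int value)
            throws SQLException {
        String sql = buildExistsQuery(table, column);
        // try-with-resources closes rs, stmt and conn in that (reverse) order; the previous
        // closeAll(conn, stmt, rs) closed the connection first.
        try (Connection conn = getConnection();
             PreparedStatement stmt = conn.prepareStatement(sql)) {
            stmt.setInt(1, value);
            try (ResultSet rs = stmt.executeQuery()) {
                // next() rather than first(): the default result set is TYPE_FORWARD_ONLY and
                // first() throws SQLException on it.
                if (!rs.next()) {
                    return false;
                }
                int found = rs.getInt(1);
                return !rs.wasNull() && found == value;
            }
        }
    }

    /**
     * Tells whether a product with the given code exists.
     *
     * @param code the product code to look up (bound as a parameter, never concatenated)
     * @throws SQLException on any JDBC failure
     */
    public static boolean checkIfProductCodeExist(int code) throws SQLException {
        return checkIfExist(TABLE_PRODUCT, COLUMN_CODE, code);
    }
}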
import javax.swing.JLabel;
import javax.swing.JOptionPane;

/**
 * Swing front end for the product-code check: reads a code from a text label, parses it and
 * warns when that code already exists in the database.
 */
public class Test {
    // Never assigned in this snippet; presumably wired up by UI code not shown — TODO confirm,
    // otherwise toto() dereferences null.
    private JLabel t_design = null;

    /** Shows a modal dialog of the given JOptionPane message type. */
    private static void message(String title, String content, int type) {
        JOptionPane.showMessageDialog(null, content, title, type);
    }

    /** Shows {@code content} in a warning dialog. */
    public static void warning(String content) {
        message("Warning", content, JOptionPane.WARNING_MESSAGE);
    }

    /**
     * Prints the stack trace and shows the exception's own text in an error dialog. For a
     * SQLException this surfaces the raw driver/database message to the user.
     */
    public static void error(Exception e) {
        e.printStackTrace();
        message("Error", e.toString(), JOptionPane.ERROR_MESSAGE);
    }

    /** Parses the label text as an int and warns if that product code is already in use. */
    public void toto() {
        final int code;
        try {
            code = Integer.parseInt(t_design.getText());
        } catch (NumberFormatException e) {
            error(e);
            return;
        }
        try {
            if (DatabaseAccess.checkIfProductCodeExist(code)) {
                warning("Code already exist: " + code);
            }
        } catch (Exception e) {
            error(e);
        }
    }
}