【发布时间】:2015-03-02 15:26:34
【问题描述】:
目前我正在尝试从以 MD5 加密的数据库中获取密码。例如:
INSERT INTO Customer VALUES (1001, "Smith", "J.", "Alan", 'Mr', "43 The Glebe", "Mugwell Hill", "Nodnol", "", "N10 4SB", MD5("Alan"), "Mugwell Hill");
本例中的密码是 Alan。 我正在尝试比较用户输入的密码。
String userid = request.getParameter("uname");
String pwd = request.getParameter("pass");
Class.forName("com.mysql.jdbc.Driver");
Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/Erehwon","root", "");
Statement st = con.createStatement();
ResultSet rs;
rs = st.executeQuery("select * from Customer where customer_number='" + userid + "' and passwd ='" + pwd + "'");
if (rs.next()) {
session.setAttribute("userid", userid);
//out.println("welcome " + userid);
//out.println("<a href='logout.jsp'>Log out</a>");
response.sendRedirect("success.jsp");
} else {
out.println("Invalid password <a href='login_page.jsp'>try again</a>");
out.println(pwd);
out.println(userid);
}
您可能知道这是通过无效密码输入的,因为输入值不是 MD5 格式。无论如何我可以将密码转换为 MD5 或解密数据库密码以便它们匹配?
【问题讨论】:
-
"select * from Customer where customer_number='" + userid + "' and passwd = MD5('" + pwd + "')")只需将密码包装在 MD5();