-
JDBC中对象的解释和statement对象详解
DriverManager
推荐使用 Class.forName("com.mysql.jdbc.Driver");编写加载驱动(固定写法)
- //1.加载驱动
- //DriverManager.registerDriver(new com.mysql.jdbc.Driver());
- //推荐这种写法加载驱动
- Class.forName("com.mysql.jdbc.Driver");
- Connection connection = DriverManager.getConnection(url, userName, passWord);
- // connection代表数据库
- // 数据库设置自动提交
- // 事务提交
- // 事务回滚
- connection.setAutoCommit(true);
- connection.commit();
- connection.rollback();
URL
- mysql默认端口3306
- 协议://主机地址:端口号/数据库名?参数1&参数2&参数3
- oracle默认端口1521
- jdbc:oracle:thin:@localhost:1521:sid
- //2.用户信息和url
- //useUnicode=true 支持中文编码
- //&charactEncoding=utf8 设定它的中文字符集
- //&useSSL=true 使用安全连接
- String url = "jdbc:mysql://localhost:3306/jdbcstudy?useUnicode=true&charactEncoding=utf8&useSSL=true";
- String username = "root";
- String password = "123456";
- // mysql默认端口3306
- // 协议://主机地址:端口号/数据库名?参数1&参数2&参数3
- // oracle默认端口1521
- // jdbc:oracle:thin:@localhost:1521:sid
- useUnicode=true 支持中文编码
- &charactEncoding=utf8 设定它的中文字符集
- &useSSL=true 使用安全连接
数据库对象Connection
- //3.连接成功,数据库对象 Connection代表数据库
- Connection connection = DriverManager.getConnection(url, username, password);
- // connection.rollback();
- // connection.commit();
- // connection.setAutoCommit();
Statement执行sql对象、PreparedStatement执行sql对象
- 执行SQL对象
- Statement statement = connection.createStatement();
- 执行SQL的对象去执行sql,可能存在结果,查看返回结果
- String sql = "SELECT * FROM `users`";
- ResultSet resultSet = statement.executeQuery(sql);
- String sql = "SELECT * FROM users";//编写SQL
- // statement.executeQuery();//查询操作返回ResultSet
- // statement.execute();//执行任何SQL
- // statement.executeUpdate();//更新、插入、删除。都是用这个,返回一个受影响的行数
ResultSet 查询的结果集,封装了所有的查询结果
- while (resultSet.next()) {
- System.out.println("id=" + resultSet.getObject("id"));
- System.out.println("name=" + resultSet.getObject("NAME"));
- System.out.println("pwd=" + resultSet.getObject("PASSWORD"));
- System.out.println("email=" + resultSet.getObject("email"));
- System.out.println("birth=" + resultSet.getObject("birthday"));
- System.out.println("===========================================");
- }
(1)获得指定的数据类型
- //在不知道列类型的情况下使用
- resultSet.getObject();
- //如果知道列的类型就使用指定的类型
- resultSet.getString();
- resultSet.getInt();
- resultSet.getFloat();
- resultSet.getDate();
(2)遍历,指针
- //移动到最前面
- resultSet.beforeFirst();
- //移动到最后面
- resultSet.afterLast();
- //移动到下一个数据
- resultSet.next();
- //移动到前一行
- resultSet.previous();
- //移动到最前面
- resultSet.absolute(row);
(3)释放资源
- //6.释放连接
- resultSet.close();
- statement.close();
- connection.close();//消耗资源
statement对象详解
- JDBC中的statement对象用于向数据库发送SQL语句,想完成对数据库的增删查改,只需要通过这个对象向数据库发送增删改查语句即可
- Statement对象的executeUpdate方法,用于向数据库发送增、删、改的SQL语句, executeUpdate执行完后,将会返回一个整数(即增删改语句导致了数据库几行数据发送了变化)
- Statement.executeQuery方法用于向数据库发送查询语句
- executeQuery方法返回代表查询结果的ResultSet对象
CRUD操作-create
(增) 例子:
使用executeUpdate(String sql)方法完成数据添加操作
- Statement statement = connection.createStatement();
- String sql = "insert into user(...) values(...)";
- int num = statement.executeUpdate(sql);
- if (num > 0) {
- System.out.println("插入成功~");
- }
CRUD操作-delete
(删)例子:
- Statement statement = connection.createStatement();
- String sql = "delete from user where id=1";
- int num = statement.executeUpdate(sql);
- if (num > 0) {
- System.out.println("删除成功~");
- }
CRUD操作-update
(改)例子:
- Statement statement = connection.createStatement();
- String sql = "update user set name='' where name =''";
- int num = statement.executeUpdate(sql);
- if (num > 0) {
- System.out.println("修改成功~");
- }
CRUD操作-read
(查)例子:
- Statement statement = connection.createStatement();
- String sql = "SELECT * FROM users";
- ResultSet resultSet = statement.executeQuery(sql);
- while (resultSet.next()) {
- //根据获取列的数据类型,分别调用resultSet的相应方法映射到java对象中
- }
代码实现
(1)提取工具类
- package com.gt.lesson02.utils;
- import java.io.IOException;
- import java.io.InputStream;
- import java.sql.*;
- import java.util.Properties;
- public class JdbcUtils {
- private static String driver = null;
- private static String url = null;
- private static String username = null;
- private static String password = null;
- static {
- try {
- InputStream in = JdbcUtils.class.getClassLoader().getResourceAsStream("db.properties");
- Properties properties = new Properties();
- properties.load(in);
- driver = properties.getProperty("driver");
- url = properties.getProperty("url");
- username = properties.getProperty("username");
- password = properties.getProperty("password");
- //1.驱动只用加载一次
- Class.forName(driver);
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
- //获取连接
- public static Connection getConnection() throws SQLException {
- return DriverManager.getConnection(url, username, password);
- }
- //释放连接资源
- public static void release(Connection conn, Statement st, ResultSet rs) {
- if (rs!=null){
- try {
- rs.close();
- } catch (SQLException throwables) {
- throwables.printStackTrace();
- }
- }
- if (st!=null){
- try {
- st.close();
- } catch (SQLException throwables) {
- throwables.printStackTrace();
- }
- }
- if (conn!=null){
- try {
- conn.close();
- } catch (SQLException throwables) {
- throwables.printStackTrace();
- }
- }
- }
- }
配置文件db.properties
- driver=com.mysql.jdbc.Driver
- url=jdbc:mysql://localhost:3306/jdbcStudy?useUnicode=true&characterEncoding=utf8&useSSL=true
- username=root
- password=123456
(2)编写增的方法,
executeUpdate- package com.gt.lesson02;
- import com.gt.lesson02.utils.JdbcUtils;
- import java.sql.Connection;
- import java.sql.ResultSet;
- import java.sql.SQLException;
- import java.sql.Statement;
- public class Testlnsert {
- public static void main(String[] args) {
- Connection conn = null;
- Statement st = null;
- ResultSet rs = null;
- try {
- conn = JdbcUtils.getConnection();//获取数据库连接
- st = conn.createStatement();//获得SQL的执行对象
- String sql = "INSERT INTO users(id,`NAME`,`PASSWORD`,`email`,`birthday`)" +
- "VALUES(4,'git','123456','123456@qq.com','2022-8-7')";
- int i = st.executeUpdate(sql);
- if (i > 0) {
- System.out.println("插入成功!");
- }
- } catch (SQLException e) {
- e.printStackTrace();
- } finally {
- JdbcUtils.release(conn, st, rs);
- }
- }
- }
输出结果:
(3)编写删的方法,
executeUpdate- package com.gt.lesson02;
- import com.gt.lesson02.utils.JdbcUtils;
- import java.sql.Connection;
- import java.sql.ResultSet;
- import java.sql.SQLException;
- import java.sql.Statement;
- public class TestDelete {
- public static void main(String[] args) {
- Connection conn = null;
- Statement st = null;
- ResultSet rs = null;
- try {
- conn = JdbcUtils.getConnection();//获取数据库连接
- st = conn.createStatement();//获得SQL的执行对象
- String sql = "DELETE FROM users WHERE id = 4;";
- int i = st.executeUpdate(sql);
- if (i > 0) {
- System.out.println("删除成功!");
- }
- } catch (SQLException e) {
- e.printStackTrace();
- } finally {
- JdbcUtils.release(conn, st, rs);
- }
- }
- }
输出结果:
(4)编写改的方法,
executeUpdate- package com.gt.lesson02;
- import com.gt.lesson02.utils.JdbcUtils;
- import java.sql.Connection;
- import java.sql.ResultSet;
- import java.sql.SQLException;
- import java.sql.Statement;
- public class TestUpdate {
- public static void main(String[] args) {
- Connection conn = null;
- Statement st = null;
- ResultSet rs = null;
- try {
- conn = JdbcUtils.getConnection();//获取数据库连接
- st = conn.createStatement();//获得SQL的执行对象
- String sql = "UPDATE users SET `NAME`='lisi',`email`='2366546@qq.com' WHERE id=2";
- int i = st.executeUpdate(sql);
- if (i > 0) {
- System.out.println("更新成功!");
- }
- } catch (SQLException e) {
- e.printStackTrace();
- } finally {
- JdbcUtils.release(conn, st, rs);
- }
- }
- }
输出结果:
(5)查询
- package com.gt.lesson02;
- import com.gt.lesson02.utils.JdbcUtils;
- import java.sql.Connection;
- import java.sql.ResultSet;
- import java.sql.SQLException;
- import java.sql.Statement;
- public class TestSelect {
- public static void main(String[] args) {
- Connection conn = null;
- Statement st = null;
- ResultSet rs = null;
- //SQL
- try {
- conn = JdbcUtils.getConnection();
- st = conn.createStatement();
- //SQL
- String sql = "SELECT * FROM users WHERE id =1;";
- rs = st.executeQuery(sql);//查询完毕会返回一个结果集
- while (rs.next()) {
- System.out.println(rs.getString("NAME"));
- }
- } catch (SQLException throwables) {
- throwables.printStackTrace();
- } finally {
- JdbcUtils.release(conn, st, rs);
- }
- }
- }
输出结果:
sql注入问题
sql存在漏洞,会被攻击导致数据泄露 (SQL会被拼接)
- package com.gt.lesson02;
- import com.gt.lesson02.utils.JdbcUtils;
- import java.sql.Connection;
- import java.sql.ResultSet;
- import java.sql.SQLException;
- import java.sql.Statement;
- public class SQL注入 {
- public static void main(String[] args) {
- // login("zhangsan","123456");//正常登录
- login("'or'1=1","123456");//非正常登录
- }
- //登录业务
- public static void login(String username, String password){
- Connection conn = null;
- Statement st = null;
- ResultSet rs = null;
- //SQL
- try {
- conn = JdbcUtils.getConnection();
- st = conn.createStatement();
- //SQL
- //SELECT * FROM users WHERE `NAME` = 'zhangsan' AND `PASSWORD` = '123456';
- String sql = "SELECT * FROM users WHERE `NAME`='"+username+"'AND`PASSWORD`='"+password+"'";
- rs = st.executeQuery(sql);//查询完毕会返回一个结果集
- while (rs.next()) {
- System.out.println(rs.getString("NAME"));
- System.out.println(rs.getString("PASSWORD"));
- System.out.println("============================");
- }
- } catch (SQLException throwables) {
- throwables.printStackTrace();
- } finally {
- JdbcUtils.release(conn, st, rs);
- }
- }
- }
输出结果:
错误的用户名或者密码可以获取到全部的用户信息
-
相关阅读:
10.Async异步函数
199、在RabbitMQ管理控制台中管理 Exchange(充当消息交换机的组件) 和 Queue(消息队列),以及对默认Exchange的讲解
局域网内vue2 配置本地IP地址访问项目
windows 调用 static lib
mysql事务
关于xlrd.biffh.XLRDError: Excel xlsx file; not supported的解决方法
Java Stream流的详解
windows系统手把手教你安装python虚拟环境
极智Paper | 多任务统一网络 YOLOR
【rust】cargo的概念和使用方法
- 原文地址:https://blog.csdn.net/qq_46423017/article/details/126220759
