• 69期-Java SE-038_JDBC-2


    ### JDBC
    
    DriverManager—》Connection—〉Statement—》ResultSet
    
    1、加载数据库驱动,Java Application 和数据库之间的桥梁。
    
    2、获取 Connection,一次连接。
    
    3、Statement,由 Connection 产生,执行 SQL 语句。
    
    4、如果是查询操作,ResultSet 保存 Statement 执行后所产生的结果,如果是增、删、改操作,直接返回 int 数据。
    
    
    
    ### PreparedStatement 
    
    Statment 的子接口,提供了一个 SQL 占位符功能。
    
    ```sql
    select * from user where id = 1;
    select * from user where id = ?;
    ```
    
    为了解决动态拼接 SQL 语句所带来的问题,手动拼接的弊端?
    
    - 麻烦,容易出错
    - SQL 注入的风险
    
    利用某些系统没有对用户输入的数据进行充分校验,在用户输入的数据中注入非法的 SQL 语句,从而利用系统的 SQL 引擎完成恶意操作的行为。
    
    
    
    使用 PreparedStatement 提供的 SQL 占位符功能一方面可以简化 SQL 代码的编写,提高效率,减少出错的概率,同时还可以有效防止 SQL 注入。
    
    
    
    PreparedStatement 防止 SQL 注入的基本原理:
    
    SQL 语句在程序运行前已经进行了预编译,在操作数据库之前,SQL 语句已经被数据库引擎编译,优化,当动态参数传给 PreparedStatement,数据库会自动检测参数值,如果包含" or 1=1",则会把这个值整体当作字段的值来进行判断,而不会进行逻辑运算。
    
    
    
    将图片存入数据库
    
    原理:将图片转为二进制流,然后将二进制流保存到数据库中,要求存储图片的字段数据类型为二进制类型。
    
    MySQL 有四种二进制数据类型(除了存储最大信息量不同之外,没有区别)
    
    blob 最大 65 KB
    
    tynyblob 最大 255 KB 255*1024 byte
    
    mediumblob 最大 16 MB
    
    longblob 最大 4 GB
    
    1、在数据表中添加一个字段 mediumblob 类型。
    
    2、在 Java 程序中通过 JDBC 向数据库插入图片数据。
    
        - 将图片转为二进制流。
        - 通过调用 setBlob() 方法完成数据的传入。
    
    将图片保存到数据库中。
    
    ```java
    package com.southwind.test;
    
    import com.southwind.utils.JDBCTools;
    
    import java.io.FileInputStream;
    import java.io.FileNotFoundException;
    import java.io.IOException;
    import java.io.InputStream;
    import java.sql.Connection;
    import java.sql.PreparedStatement;
    import java.sql.SQLException;
    
    public class BlobTest {
        public static void main(String[] args) {
            Connection connection = JDBCTools.getConnection();
            PreparedStatement preparedStatement = null;
            try {
                InputStream inputStream = new FileInputStream("1.png");
                System.out.println(inputStream.available());
                String sql = "insert into t_user(username,password,age,file) values(?,?,?,?)";
                preparedStatement = connection.prepareStatement(sql);
                preparedStatement.setString(1,"图片");
                preparedStatement.setString(2,"000");
                preparedStatement.setInt(3,18);
                preparedStatement.setBlob(4,inputStream);
                preparedStatement.executeUpdate();
            } catch (FileNotFoundException e) {
                e.printStackTrace();
            } catch (IOException e){
                e.printStackTrace();
            } catch (SQLException e){
                e.printStackTrace();
            }finally {
                JDBCTools.release(connection,preparedStatement,null);
            }
        }
    }
    ```
    
    从数据库中读取图片。
    
    ```java
    package com.southwind.test;
    
    import com.southwind.utils.JDBCTools;
    
    import java.io.*;
    import java.sql.*;
    
    public class ReadImg {
        public static void main(String[] args) {
            Connection connection = JDBCTools.getConnection();
            PreparedStatement preparedStatement = null;
            ResultSet resultSet = null;
            InputStream inputStream = null;
            OutputStream outputStream = null;
            try {
                String sql = "select * from t_user where id = ?";
                preparedStatement = connection.prepareStatement(sql);
                preparedStatement.setInt(1,30);
                resultSet = preparedStatement.executeQuery();
                if(resultSet.next()){
                    int id = resultSet.getInt(1);
                    String username = resultSet.getString(2);
                    String password = resultSet.getString(3);
                    int age = resultSet.getInt(4);
                    Blob file = resultSet.getBlob(5);
                    System.out.println(id);
                    System.out.println(username);
                    System.out.println(password);
                    System.out.println(age);
                    System.out.println(file);
                    inputStream = file.getBinaryStream();
                    outputStream = new FileOutputStream("3.jpg");
                    int temp = 0;
                    while((temp = inputStream.read())!=-1){
                        outputStream.write(temp);
                    }
                }
            } catch (SQLException e) {
                e.printStackTrace();
            } catch (FileNotFoundException e){
                e.printStackTrace();
            } catch (IOException e){
                e.printStackTrace();
            } finally {
                JDBCTools.release(connection,preparedStatement,resultSet);
                try {
                    inputStream.close();
                    outputStream.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
    }
    ```

    ReadImg.java

    package com.southwind.test;
    
    import com.southwind.utils.JDBCTools;
    
    import java.io.*;
    import java.sql.*;
    
    public class ReadImg {
        public static void main(String[] args) {
            Connection connection = JDBCTools.getConnection();
            PreparedStatement preparedStatement = null;
            ResultSet resultSet = null;
            InputStream inputStream = null;
            OutputStream outputStream = null;
            try {
                String sql = "select * from t_user where id = ?";
                preparedStatement = connection.prepareStatement(sql);
                preparedStatement.setInt(1,30);
                resultSet = preparedStatement.executeQuery();
                if(resultSet.next()){
                    int id = resultSet.getInt(1);
                    String username = resultSet.getString(2);
                    String password = resultSet.getString(3);
                    int age = resultSet.getInt(4);
                    Blob file = resultSet.getBlob(5);
                    System.out.println(id);
                    System.out.println(username);
                    System.out.println(password);
                    System.out.println(age);
                    System.out.println(file);
                    inputStream = file.getBinaryStream();
                    outputStream = new FileOutputStream("2.png");
                    int temp = 0;
                    while((temp = inputStream.read())!=-1){
                        outputStream.write(temp);
                    }
                }
            } catch (SQLException e) {
                e.printStackTrace();
            } catch (FileNotFoundException e){
                e.printStackTrace();
            } catch (IOException e){
                e.printStackTrace();
            } finally {
                JDBCTools.release(connection,preparedStatement,resultSet);
                try {
                    inputStream.close();
                    outputStream.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
    }

    Test.java

    package com.southwind.test;
    
    import com.southwind.utils.JDBCTools;
    
    import java.sql.*;
    
    public class Test {
        public static void main(String[] args) {
            System.out.println(login("dsaf' or '1'='1","asdf' or '1'='1"));
            System.out.println(login2("zhangsan","123"));
        }
    
        public static boolean login(String username,String password){
            Connection connection = null;
            Statement statement = null;
            ResultSet resultSet = null;
            boolean flag = false;
            try {
                connection = JDBCTools.getConnection();
                String sql = "select * from t_user where username = '"+username+"' and password = '"+password+"'";
                statement = connection.createStatement();
                resultSet = statement.executeQuery(sql);
                if(resultSet.next()){
                    flag = true;
                }
            } catch (SQLException e) {
                e.printStackTrace();
            } finally {
                JDBCTools.release(connection,statement,resultSet);
            }
            return flag;
        }
    
        public static boolean login2(String username,String password){
            Connection connection = null;
            PreparedStatement preparedStatement = null;
            ResultSet resultSet = null;
            boolean flag = false;
            try {
                connection = JDBCTools.getConnection();
                String sql = "select * from t_user where username = ? and password = ?";
                System.out.println(sql);
                preparedStatement = connection.prepareStatement(sql);
                preparedStatement.setString(1,username);
                preparedStatement.setString(2,password);
                resultSet = preparedStatement.executeQuery();
                if(resultSet.next()){
                    flag = true;
                }
            } catch (SQLException e) {
                e.printStackTrace();
            } finally {
                JDBCTools.release(connection,preparedStatement,resultSet);
            }
            return flag;
        }
    
    }

    WriteImg.java

    package com.southwind.test;
    
    import com.southwind.utils.JDBCTools;
    
    import java.io.FileInputStream;
    import java.io.FileNotFoundException;
    import java.io.IOException;
    import java.io.InputStream;
    import java.sql.Connection;
    import java.sql.PreparedStatement;
    import java.sql.SQLException;
    
    public class WriteImg {
        public static void main(String[] args) {
            Connection connection = JDBCTools.getConnection();
            PreparedStatement preparedStatement = null;
            try {
                InputStream inputStream = new FileInputStream("1.png");
                System.out.println(inputStream.available());
                String sql = "insert into t_user(username,password,age,file) values(?,?,?,?)";
                preparedStatement = connection.prepareStatement(sql);
                preparedStatement.setString(1,"图片");
                preparedStatement.setString(2,"000");
                preparedStatement.setInt(3,18);
                preparedStatement.setBlob(4,inputStream);
                preparedStatement.executeUpdate();
            } catch (FileNotFoundException e) {
                e.printStackTrace();
            } catch (IOException e){
                e.printStackTrace();
            } catch (SQLException e){
                e.printStackTrace();
            }finally {
                JDBCTools.release(connection,preparedStatement,null);
            }
        }
    }

    JDBCTools.java

    package com.southwind.utils;
    
    import java.sql.*;
    
    public class JDBCTools {
        private static String url = "jdbc:mysql://localhost:3306/mbtest?useUnicode=true&characterEncoding=UTF-8";
        private static String user = "root";
        private static String password = "root";
        private static String driverName = "com.mysql.cj.jdbc.Driver";
    
        static{
            try {
                Class.forName(driverName);
            } catch (ClassNotFoundException e) {
                e.printStackTrace();
            }
        }
    
        public static Connection getConnection(){
            Connection connection = null;
            try {
                connection = DriverManager.getConnection(url,user,password);
            } catch (SQLException e) {
                e.printStackTrace();
            }
            return connection;
        }
    
        public static void release(Connection connection, Statement statement, ResultSet resultSet){
            try {
                if(connection!=null){
                    connection.close();
                }
                if(statement!=null){
                    statement.close();
                }
                if(resultSet!=null){
                    resultSet.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
  • 相关阅读:
    lear for video
    My needs test
    jungle
    因文章很荣幸的被别人抄袭了,为了刚这种人,决定以后将文章都用英文发布出来
    atom 安装multi-cursor 插件 实现多行编辑
    Typora下使用markdown进行插入图片
    dockerhub/jenkins
    promethus grafana dingtalk pushgateway alertermanager
    关于自律比较好的一篇文章
    @WebService这个标签的作用是什么
  • 原文地址:https://www.cnblogs.com/HiJackykun/p/11182554.html
Copyright © 2020-2023  润新知