ResultSet:
PreparedStatement:
Connection:
注入问题:
public class Demo3 { public static void main(String[] args) throws ClassNotFoundException, SQLException { //1:注册驱动 Class.forName("com.mysql.jdbc.Driver"); //2:获取连接对象 String url="jdbc:mysql://localhost:3306/demo0803?characterEncoding=utf8"; String user="root"; String pwd="123456"; Connection conn=DriverManager.getConnection(url,user,pwd); //3:获取语句执行对象 Statement sta=conn.createStatement(); //4:执行sql语句 Scanner sc=new Scanner(System.in); System.out.println("请输入用户名:"); String name=sc.next(); System.out.println("请输入密码:"); String upwd=sc.next(); String sql="select count(*) from user where uname='"+name+"' and pwd='"+upwd+"'"; //查询时的结果集对象ResultSet ResultSet rs=sta.executeQuery(sql); //5处理结果集 int count=0; while(rs.next()){ count=rs.getInt(1); } if(count>0){ System.out.println("登录成功!"); }else{ System.out.println("用户名或密码错误!"); } //6:释放资源(先开后关) rs.close(); sta.close(); conn.close(); } }
拼接字符串:' '里加" "," "里加++,+ +里加变量名。select count(*) from user where uname='zhangsan' and pwd=' ' or '1=1' 查询语句时永远可以查询出结果的,那么用户就直接登录成功了。使用PreparedStatement来解决对应的问题。
设置登录功能:
public static void main(String[] args) throws ClassNotFoundException, SQLException { Scanner sc = new Scanner(System.in); System.out.println("请输入用户名:"); String name = sc.next(); System.out.println("请输入密码:"); String upwd = sc.next(); // 1:注册驱动 Class.forName("com.mysql.jdbc.Driver"); // 2:获取连接对象 String url = "jdbc:mysql://localhost:3306/demo0803?characterEncoding=utf8"; String user = "root"; String pwd = "123456"; Connection conn = DriverManager.getConnection(url, user, pwd); // 3:获取语句执行对象 String sql = "select count(*) from user where uname=? and pwd=?"; PreparedStatement pst = conn.prepareStatement(sql); // 4:执行sql语句 //给占位符赋值 pst.setString(1, name); pst.setString(2, upwd); // 查询时的结果集对象ResultSet ResultSet rs=pst.executeQuery(); // 5处理结果集 int count = 0; while (rs.next()) { count = rs.getInt(1); } if (count > 0) { System.out.println("登录成功!"); } else { System.out.println("用户名或密码错误!"); } // 6:释放资源(先开后关) rs.close(); pst.close(); conn.close(); }
预处理对象:
?占位符
执行SQL语句:
int executeUpdate(); --执行insert update delete语句.
ResultSet executeQuery(); --执行select语句.
boolean execute(); --执行select返回true 执行其他的语句返回false.
设置实际参数:
void setXxx(int index, Xxx xx) 将指定参数设置为给定Java的xx值。在将此值发送到数据库时,驱动程序将它转换成一个 SQL Xxx类型值。
步骤:
1. 注册驱动
2. 获取连接
3. 获取预处理对象
4. SQL语句占位符设置实际参数
5. 执行SQL语句
6. 释放资源
添加数据:
public class Demo05 { public static void main(String[] args) { //1:注册驱动 Connection conn=null; PreparedStatement pst=null; try { Class.forName("com.mysql.jdbc.Driver"); //2:获取连接对象 String url="jdbc:mysql://localhost:3306/demo0803?characterEncoding=utf8"; String pwd="123456"; conn=DriverManager.getConnection(url,user,pwd); //3:获取sql语句 String sql="insert into sort(sname,sdesc) values(?,?)"; pst=conn.prepareStatement(sql); //4获取语句执行对象 pst.setString(1,"棒棒糖"); pst.setString(2,"骗小孩钱的"); int row=pst.executeUpdate(); System.out.println(row); } catch (ClassNotFoundException e) { e.printStackTrace(); } catch (SQLException e) { e.printStackTrace(); }finally{ //6:释放资源(必须放在finally里,因为当上面报错,下面的程序不会执行,而他必须执行) try { pst.close(); conn.close(); } catch (SQLException e) { // TODO Auto-generated catch block e.printStackTrace(); } } } } 将所有报错的语句放入try快里面,下面在加入cantch语句快,可以使用第二种方法。 修改数据: public class Demo06 { public static void main(String[] args) throws ClassNotFoundException, SQLException { // 1:注册驱动 Class.forName("com.mysql.jdbc.Driver"); // 2:获取连接对象 String url = "jdbc:mysql://localhost:3306/demo0803?characterEncoding=utf8"; String user = "root"; String pwd = "123456"; Connection conn = DriverManager.getConnection(url, user, pwd); // 3:获取sql语句 String sql = "update sort set sname=?,sdesc=? where sid=?"; PreparedStatement pst = conn.prepareStatement(sql); // 4获取语句执行对象 pst.setString(1, "空调"); pst.setString(2, "吹凉风"); pst.setInt(3, 2); int row = pst.executeUpdate(); System.out.println(row); //6 pst.close(); conn.close(); } }
查询数据:
public class Demo07 { public static void main(String[] args) throws ClassNotFoundException, SQLException { // 1:注册驱动 Class.forName("com.mysql.jdbc.Driver"); // 2:获取连接对象 String url = "jdbc:mysql://localhost:3306/demo0803?characterEncoding=utf8"; String user = "root"; String pwd = "123456"; Connection conn = DriverManager.getConnection(url, user, pwd); // 3:获取sql语句 String sql = "select * from sort"; PreparedStatement pst = conn.prepareStatement(sql); // 4获取语句执行对象 ResultSet rs=pst.executeQuery(); //5处理结果集 while(rs.next()){ int sid=rs.getInt("sid"); String sname=rs.getString("sname"); String sdesc=rs.getString("sdesc"); System.out.println(sid+"..."+sname+"..."+sdesc); } pst.close(); conn.close(); } }
获取数据并且封装起来:
表的名字就是类的名字,表的每一行就相当于一个对象,字段就相当于成员变量。将成员变量private,点出get,set方法,重写toString()方法。
public class Sort { private int sid; private String sname; private String sdesc; public int getSid() { return sid; } public void setSid(int sid) { this.sid = sid; } public String getSname() { return sname; } public void setSname(String sname) { this.sname = sname; } public String getSdesc() { return sdesc; } public void setSdesc(String sdesc) { this.sdesc = sdesc; } @Override public String toString() { return "Sort [sid=" + sid + ", sname=" + sname + ", sdesc=" + sdesc + "]"; } }
public class Demo08 { public static void main(String[] args) throws ClassNotFoundException, SQLException { // 1:注册驱动 Class.forName("com.mysql.jdbc.Driver"); // 2:获取连接对象 String url = "jdbc:mysql://localhost:3306/demo0803?characterEncoding=utf8"; String user = "root"; String pwd = "123456"; Connection conn = DriverManager.getConnection(url, user, pwd); // 3:获取sql语句 String sql = "select * from sort"; PreparedStatement pst = conn.prepareStatement(sql); // 4获取语句执行对象 ResultSet rs=pst.executeQuery(); //5处理结果集 ArrayList<Sort> arr=new ArrayList<Sort>(); while(rs.next()){ 第一次循环执行第一条数据,依次类推, int sid=rs.getInt("sid"); 调用重载的方法 String sname=rs.getString("sname"); String sdesc=rs.getString("sdesc"); System.out.println(sid+"..."+sname+"..."+sdesc); Sort sort=new Sort(); 将每一条数据存到对象里,在将所有对象存入ArrayList集合里。 sort.setSid(sid);//sort.setSid(rs.getInt("sid")); 简化代码的写法 sort.setSname(sname);//sort.setSname(rs.getString("sname")) sort.setSdesc(sdesc);//sort.setSdesc(rs.getString("sdesc")) arr.add(sort); } System.out.println(arr); pst.close(); conn.close(); } }
JDBC工具类:
public class JDBCUtils { //获取连接对象 public static Connection getConn(){ Connection conn=null; try { // 2:获取连接对象 String url = "jdbc:mysql://localhost:3306/demo0803?characterEncoding=utf8"; String user = "root"; String pwd = "123456"; conn = DriverManager.getConnection(url, user, pwd); Class.forName("com.mysql.jdbc.Driver"); } catch (ClassNotFoundException e) { e.printStackTrace(); } catch (SQLException e) { e.printStackTrace(); } return conn; } public static void close(Connection conn,PreparedStatement pst){ if(pst!=null){ try { pst.close(); } catch (SQLException e) { e.printStackTrace(); } } if(conn!=null){ try { conn.close(); } catch (SQLException e) { e.printStackTrace(); } } } //查询释放资源 public static void close(Connection conn,PreparedStatement pst,ResultSet rs){ if(rs!=null){ try { rs.close(); } catch (SQLException e) { e.printStackTrace(); } } if(pst!=null){ try { pst.close(); } catch (SQLException e) { e.printStackTrace(); } } if(conn!=null){ try { conn.close(); } catch (SQLException e) { e.printStackTrace(); } } } }
public class Demo09 { public static void main(String[] args) throws ClassNotFoundException, SQLException { Connection conn=JDBCUtils.getConn(); // 3:获取sql语句 String sql = "select * from sort"; PreparedStatement pst = conn.prepareStatement(sql); // 4获取语句执行对象 ResultSet rs=pst.executeQuery(); //5处理结果集 ArrayList<Sort> arr=new ArrayList<Sort>(); while(rs.next()){ int sid=rs.getInt("sid"); String sname=rs.getString("sname"); String sdesc=rs.getString("sdesc"); System.out.println(sid+"..."+sname+"..."+sdesc); Sort sort=new Sort(); sort.setSid(sid);//sort.setSid(rs.getInt("sid")); sort.setSname(sname);//sort.setSname(rs.getString("sname")) sort.setSdesc(sdesc);//sort.setSdesc(rs.getString("sdesc")) arr.add(sort); } System.out.println(arr); JDBCUtils.close(conn,pst, rs); } }