preparedstatment:可读性更强,安全,防止sql注入,效率更高
PreparedStatment 语法:
Connection conn = null; PreparedStatement ps = null; ResultSet res = null; try { conn = DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:orcl", "scott", "tiger"); // sql 语句 String sql = "select * from userinfos where user_id = ? and user_password = ?"; ps = conn.prepareStatement(sql); //设置sql的问号占位符的值 ps.setString(1, id); ps.setString(2, password); res = ps.executeQuery();
封装工具类:*
package tool; import java.sql.Connection; import java.sql.DriverManager; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; import java.util.List; public class DBTool { static Connection conn = null; static{ try { Class.forName("oracle.jdbc.driver.OracleDriver"); } catch (ClassNotFoundException e) { e.printStackTrace(); } try { conn = DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:orcl","scott","tiger"); } catch (SQLException e) { e.printStackTrace(); } } //增删改方法,不需要传入操作值 public int excuteOper(String sql){ int ret = 0; try { PreparedStatement ps = DBTool.conn.prepareStatement(sql); ret = ps.executeUpdate(); close(null, ps, conn); } catch (SQLException e) { e.printStackTrace(); } return ret; } //增删改方法 ,sql 语句带问号 public int excuteOper(String sql,List<Object> list){ int ret = 0; try { PreparedStatement ps = DBTool.conn.prepareStatement(sql); for(int i = 0; i < list.size(); i++){ Object obj = list.get(i); if(obj instanceof String){ ps.setString(i+1, obj.toString()); } if(obj instanceof Integer){ ps.setInt(i+1, (int)obj); } if(obj instanceof Float){ ps.setFloat(i+1, (float)obj); } ret = ps.executeUpdate(); } close(null, ps, conn); } catch (SQLException e) { e.printStackTrace(); } return ret; } //查询方法,不带参 public ResultSet Query(String sql){ ResultSet res = null; try { PreparedStatement ps = DBTool.conn.prepareStatement(sql); res = ps.executeQuery(); //close(null, ps, conn); } catch (SQLException e) { e.printStackTrace(); } return res; } //查询方法,带问号 public ResultSet Query(String sql,List<Object> list){ ResultSet res = null; try { PreparedStatement ps = DBTool.conn.prepareStatement(sql); for (int i = 0; i < list.size(); i++) { Object obj = list.get(i); if(obj instanceof String){ ps.setString(i+1, obj.toString()); } if(obj instanceof Integer){ ps.setInt(i+1, (int)obj); } if(obj instanceof Float){ ps.setFloat(i+1, (float)obj); } } res = ps.executeQuery(); //close(null, ps, conn); } catch (SQLException e) { e.printStackTrace(); } return res; } public void close(ResultSet res,Statement ps,Connection conn){ try { if(res != null){ res.close(); } if(ps != null){ ps.close(); } if(conn != null){ conn.close(); } } catch (SQLException e) { e.printStackTrace(); } } }