跟汤老师学Java笔记:PreparedStatement接口

跟汤老师学Java笔记:PreparedStatement接口

完成:第一遍

1.什么是PreparedStatement接口?

PreparedStatement接口继承自Statement接口。只要SQL中含有来自用户/外部的值,就应当使用PreparedStatement并通过?绑定参数,而不是用Statement拼接字符串。

2.PreparedStatement接口和Statement接口相比有哪些优点?

第一:使用PreparedStatement接口可以使用?占位符,简单易读(也称之为动态SQL语句)

第二:提前预编译SQL语句,效率更高

第三:更安全。通过?绑定的值只会被当作数据、不会被解析为SQL语法,因此可以避免SQL注入。注意两点:(1)只有用?绑定的"值"受到保护,表名、列名、ORDER BY字段等无法用?绑定,如果这些来自外部输入必须用白名单校验;(2)如果先把用户输入拼接进SQL字符串再交给prepareStatement,同样没有任何保护——SQL模板必须是写死在代码里的常量。

3.创建statement对象和创建preparedStatement的不同之处在哪里?

statement=conn.createStatement();//无参数,方法是:createStatement()

preparedStatement = conn.prepareStatement(sql);//必须有参数sql语句,方法是:prepareStatement(sql)。这里传入的sql应当是只含?占位符的固定模板,用户输入只能在之后通过setXxx()绑定,不能拼接进sql本身。

package season19;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

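/**
 * JDBC helper for the tutorial: opens connections and closes JDBC resources.
 *
 * <p>Connection settings default to the tutorial's local MySQL instance but can be
 * overridden without recompiling through the system properties {@code jdbc.driver},
 * {@code jdbc.url}, {@code jdbc.username} and {@code jdbc.password}. The hard-coded
 * defaults ({@code root} / {@code 123456}) are tutorial values only: credentials must
 * not be committed to source in real projects.
 */
public class JdbcUtil {
	private static final String DEFAULT_DRIVER = "com.mysql.jdbc.Driver";
	private static final String DEFAULT_URL = "jdbc:mysql://localhost:3306/test?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true";
	private static final String DEFAULT_USERNAME = "root";
	private static final String DEFAULT_PASSWORD = "123456";

	private JdbcUtil() {
		// static utility class; not meant to be instantiated
	}

	/**
	 * Opens a new database connection.
	 *
	 * @return an open {@link Connection}, or {@code null} when the driver class cannot be
	 *         loaded or the connection attempt fails (the exception is printed). Callers
	 *         must null-check the result; this contract is kept for existing callers.
	 */
	public static Connection getConnection() {
		String driverClassName = System.getProperty("jdbc.driver", DEFAULT_DRIVER);
		String url = System.getProperty("jdbc.url", DEFAULT_URL);
		String username = System.getProperty("jdbc.username", DEFAULT_USERNAME);
		String password = System.getProperty("jdbc.password", DEFAULT_PASSWORD);
		try {
			// Explicit driver registration; JDBC 4+ drivers are also found via ServiceLoader.
			Class.forName(driverClassName);
			return DriverManager.getConnection(url, username, password);
		} catch (ClassNotFoundException | SQLException e) {
			// Do not include the password in any diagnostic output.
			e.printStackTrace();
			return null;
		}
	}

	/**
	 * Closes a result set, a statement and a connection, in that order, skipping nulls.
	 * Every close is attempted even if an earlier one throws, so a failing
	 * {@code ResultSet.close()} cannot leak the statement or the connection.
	 */
	public static void close(Connection conn, Statement stmt, ResultSet rs) {
		closeQuietly(rs);
		closeQuietly(stmt);
		closeQuietly(conn);
	}

	/** Closes a statement and a connection (no result set), skipping nulls. */
	public static void close(Connection conn, Statement stmt) {
		close(conn, stmt, null);
	}

	/**
	 * Closes one resource, printing (not propagating) any failure.
	 * {@code AutoCloseable.close()} declares {@code Exception}, hence the broad catch;
	 * the JDBC types passed here only throw {@link SQLException}.
	 */
	private static void closeQuietly(AutoCloseable resource) {
		if (resource == null) {
			return;
		}
		try {
			resource.close();
		} catch (Exception e) {
			e.printStackTrace();
		}
	}
}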

package season19;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

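/**
 * Demo of PreparedStatement-based login and registration.
 *
 * <p>Every user-controlled value is bound through a {@code ?} parameter, which is what
 * neutralises the injection payload passed from {@link #main}. Binding protects values
 * only: table and column names cannot be parameterised and must come from code, never
 * from user input.
 */
public class Test {
	public static void main(String[] args) {
		// Injection attempt. With string-concatenated SQL this password would terminate the
		// quoted literal early and append "or '1=1'" to the WHERE clause; with a bound
		// parameter it is just a password value and only matches a row that literally
		// stores this string.
		boolean flag = login("admin", "123' or '1=1");
		System.out.println(flag);

		User user = new User();
		user.setUsername("ddd");
		user.setPassword("111");
		user.setAge(25);

		// Report success only when a row was actually inserted.
		if (register(user)) {
			System.out.println("注册成功");
		}
	}

	/**
	 * Checks whether a user with the given username and password exists.
	 *
	 * <p>NOTE(review): this tutorial compares the password in clear text inside the query,
	 * which means the table stores clear-text passwords. Real code should store a salted
	 * password hash (bcrypt/scrypt/argon2), select the hash by username and verify it in
	 * Java.
	 *
	 * @param username username as entered by the user (untrusted)
	 * @param password password as entered by the user (untrusted)
	 * @return {@code true} if a matching row exists; {@code false} if none matched or the
	 *         query could not be executed (the exception is printed)
	 */
	public static boolean login(String username, String password) {
		// The vulnerable form this tutorial contrasts against was
		//   "... where username='" + username + "' and password='" + password + "'"
		// Never build the SQL text from user input, even when the result is handed to
		// prepareStatement -- the template below is a constant with placeholders only.
		// Keywords, table and column names each on their own line (project convention).
		String sql = new StringBuilder()
			.append(" select ")
			.append(" 	id,username,password,age ")
			.append(" from  ")
			.append(" 	t_user ")
			.append(" where ")
			.append(" 	username = ? and password = ? ")
			.toString();

		try (Connection conn = requireConnection();
				PreparedStatement ps = conn.prepareStatement(sql)) {
			// Placeholders are numbered from 1; the setXxx variant follows the Java type
			// of the bound value (setString, setInt, setDate, ...).
			ps.setString(1, username);
			ps.setString(2, password);
			try (ResultSet rs = ps.executeQuery()) {
				// At most one row is expected, so a single next() is enough.
				return rs.next();
			}
		} catch (SQLException e) {
			e.printStackTrace();
			return false;
		}
	}

	/**
	 * Inserts a new user row.
	 *
	 * <p>NOTE(review): the password is stored exactly as given; hash it before storing.
	 *
	 * @param user the user to insert (username, password and age are used)
	 * @return {@code true} if a row was inserted; {@code false} if the insert failed
	 *         (the exception is printed)
	 */
	public static boolean register(User user) {
		String sql = new StringBuilder()
			.append(" insert into  ")
			.append(" 	t_user ")
			.append(" 		(username,password,age) ")
			.append(" values ")
			.append("  		(?,?,?) ")
			.toString();

		try (Connection conn = requireConnection();
				PreparedStatement ps = conn.prepareStatement(sql)) {
			// setObject lets the driver map from the Java type; the explicit
			// setString/setInt calls would be equivalent here.
			ps.setObject(1, user.getUsername());
			ps.setObject(2, user.getPassword());
			ps.setObject(3, user.getAge());
			return ps.executeUpdate() > 0;
		} catch (SQLException e) {
			e.printStackTrace();
			return false;
		}
	}

	/**
	 * Obtains a connection from {@code JdbcUtil}, turning its null-on-failure result into
	 * an {@link SQLException} so the callers' catch blocks handle it uniformly.
	 */
	private static Connection requireConnection() throws SQLException {
		Connection conn = JdbcUtil.getConnection();
		if (conn == null) {
			throw new SQLException("could not obtain a database connection");
		}
		return conn;
	}
}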

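/**
 * Row of {@code t_user}: id, username, password and age.
 *
 * <p>{@link #toString()} masks the password so that printing or logging a user never
 * writes the credential out; {@link #getPassword()} still returns the real value for
 * the code that needs it.
 */
class User {
	private Integer id;
	private String username;
	private String password;
	private Integer age;

	/** Creates an empty user; populate it through the setters. */
	public User() {
		super();
	}

	/**
	 * Creates a fully populated user.
	 *
	 * @param id       primary key, may be {@code null} for a row not yet inserted
	 * @param username login name
	 * @param password password value as used by the tutorial (stored unhashed there)
	 * @param age      age in years
	 */
	public User(Integer id, String username, String password, Integer age) {
		super();
		this.id = id;
		this.username = username;
		this.password = password;
		this.age = age;
	}

	public Integer getId() {
		return id;
	}

	public void setId(Integer id) {
		this.id = id;
	}

	public String getUsername() {
		return username;
	}

	public void setUsername(String username) {
		this.username = username;
	}

	public String getPassword() {
		return password;
	}

	public void setPassword(String password) {
		this.password = password;
	}

	public Integer getAge() {
		return age;
	}

	public void setAge(Integer age) {
		this.age = age;
	}

	/**
	 * Debug representation. The password is replaced by {@code ****} (a {@code null}
	 * password is still printed as {@code null}) so the credential cannot leak through
	 * println/log statements.
	 */
	@Override
	public String toString() {
		String maskedPassword = (password == null) ? "null" : "****";
		return "User [id=" + id + ", username=" + username + ", password="
				+ maskedPassword + ", age=" + age + "]\n";
	}

}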

