JDBC工具类通用upda方法和PreparedStatement

补充JdbcTools 类通用方法update(String sql,object ...args);
/**
 * 通用方法update(String sql,Object...args)
 * */
public static void update(String sql, Object ... args){
    Connection connection = null;
    PreparedStatement preparedStatement = null;

    try {
        connection = JDBC_Tools.getConnection();
        preparedStatement = connection.prepareStatement(sql);

        for(int i = 0; i < args.length; i++){
            preparedStatement.setObject(i + 1, args[i]);
        }
        preparedStatement.executeUpdate();
    } catch (Exception e) {
        e.printStackTrace();
    } finally{
        JDBC_Tools.relaseSource(null,connection,preparedStatement);
    }
}
preparedStatement类--可解决SQL注入与sql语句占位符的问题
   String sql = "INSERT INTO Grade (name, sex, grade) VALUES(?,?,?)";
   preparedStatement = connection.prepareStatement(sql);
   preparedStatement.setString(1, "李严");
   ...
   preparedStatement.executeUpdate();

你可能感兴趣的:(JDBC)