sql注入问题的解决和代码优化:JDBC连接池-c3p0-dbutils,idea版

此次目的为解决sql注入问题,还有简化代码,提高效率,节省内存。下面所有SQL都使用 ? 占位符,参数由dbutils的QueryRunner通过PreparedStatement绑定,用户输入不会被拼接进SQL文本,这是防止sql注入的关键。

准备工作:
sql注入问题的解决和代码优化:JBDC连接池-c3p0-dbutils,idea版_第1张图片
在项目下创建一个lib文件夹,将这4个jar包导入,c3p0是Apache组织的

sql注入问题的解决和代码优化:JBDC连接池-c3p0-dbutils,idea版_第2张图片

package JDBC_数据库连接.JDBC连接池_dbutils.JavaBean;
//实体类,映射数据库中的表
/**
 * Plain JavaBean mirroring one row of the {@code user} table.
 *
 * <p>DbUtils' bean handlers create instances through the no-argument
 * constructor and fill them through the setters, so both must stay public
 * and the property names must keep matching the column names.
 *
 * <p>NOTE(review): {@code password} carries whatever value the table holds.
 * The service code on this page writes and prints it unchanged, i.e. as
 * plain text; a real application should keep only a salted, slow password
 * hash in this column.
 */
public class User {
    private int id;
    private String username;
    private String password;

    /** Creates an empty bean; required for reflective instantiation. */
    public User() {}

    /**
     * Creates a fully populated bean.
     *
     * @param id       primary key of the row
     * @param username login name
     * @param password stored password value
     */
    public User(int id, String username, String password) {
        this.id = id;
        this.username = username;
        this.password = password;
    }

    // ---- id ----

    /** @return primary key of the row */
    public int getId() {
        return this.id;
    }

    /** @param id primary key of the row */
    public void setId(int id) {
        this.id = id;
    }

    // ---- username ----

    /** @return login name, or {@code null} if never set */
    public String getUsername() {
        return this.username;
    }

    /** @param username login name */
    public void setUsername(String username) {
        this.username = username;
    }

    // ---- password ----

    /** @return stored password value, or {@code null} if never set */
    public String getPassword() {
        return this.password;
    }

    /** @param password stored password value */
    public void setPassword(String password) {
        this.password = password;
    }
}

package JDBC_数据库连接.JDBC连接池_dbutils.JdbcService;
//接口
import JDBC_数据库连接.JDBC连接池_dbutils.JavaBean.User;

import java.sql.SQLException;

/**
 * CRUD operations on the {@code user} table.
 *
 * <p>Every value accepted here is expected to reach the database as a bound
 * statement parameter, never as part of the SQL text; that is what keeps the
 * operations safe against SQL injection.
 */
public interface JdbcService {

    /**
     * Adds a user.
     *
     * @param username login name of the new user
     * @param password password value to store
     * @return number of rows affected
     * @throws SQLException if the statement fails
     */
    int insert(String username, String password) throws SQLException;

    /**
     * Removes the user with the given id.
     *
     * @param id primary key of the user
     * @return number of rows affected
     * @throws SQLException if the statement fails
     */
    int delete(int id) throws SQLException;

    /**
     * Replaces the password of the user with the given id.
     *
     * @param password new password value
     * @param id       primary key of the user
     * @return number of rows affected
     * @throws SQLException if the statement fails
     */
    int update(String password, int id) throws SQLException;

    /**
     * Lists all users.
     *
     * @throws SQLException if the query fails
     */
    void selectAll() throws SQLException;

    /**
     * Looks up a single user.
     *
     * @param id primary key of the user
     * @return the matching user
     * @throws SQLException if the query fails
     */
    User selectOne(int id) throws SQLException;

    /**
     * Counts users by the leading part of their name.
     *
     * @param lastName leading part of the user name to match
     * @throws SQLException if the query fails
     */
    void selectCount(String lastName) throws SQLException;
}

package JDBC_数据库连接.JDBC连接池_dbutils.JdbcServiecImpl;
//接口实现类
import JDBC_数据库连接.JDBC连接池_dbutils.JavaBean.User;
import JDBC_数据库连接.JDBC连接池_dbutils.JdbcService.JdbcService;
import JDBC_数据库连接.JDBC连接池_dbutils.JdbcUtils.JdbcUtils;
import org.apache.commons.dbutils.QueryRunner;
import org.apache.commons.dbutils.handlers.BeanHandler;
import org.apache.commons.dbutils.handlers.BeanListHandler;
import org.apache.commons.dbutils.handlers.ScalarHandler;

import java.sql.SQLException;
import java.util.List;

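/**
 * {@link JdbcService} backed by Commons DbUtils and the pooled data source
 * from {@link JdbcUtils}.
 *
 * <p>All statements use {@code ?} placeholders. {@link QueryRunner} binds the
 * arguments through a {@code PreparedStatement}, so caller-supplied values
 * are never concatenated into the SQL text.
 */
public class JdbcServiceImpl implements JdbcService {

    /** Escape character declared in the LIKE clause of {@link #selectCount}. */
    private static final char LIKE_ESCAPE = '!';

    // Built from a DataSource, so each call borrows a pooled connection and
    // DbUtils returns it afterwards.
    final QueryRunner qr = new QueryRunner(JdbcUtils.getDataSource());

    /**
     * Inserts a new user; the id column receives {@code null} so the database
     * assigns it.
     *
     * @return number of rows affected
     * @throws SQLException if the statement fails
     */
    @Override
    public int insert(String username, String password) throws SQLException {
        // NOTE(review): the password is stored exactly as given. Outside a
        // demo, store a salted slow hash (bcrypt/scrypt/argon2/PBKDF2) instead.
        String sql = "insert into user values(null,?,?)";
        return qr.update(sql, username, password);
    }

    /**
     * Deletes the user with the given id.
     *
     * @return number of rows affected (0 when the id does not exist)
     * @throws SQLException if the statement fails
     */
    @Override
    public int delete(int id) throws SQLException {
        String sql = "delete from user where id=?";
        return qr.update(sql, id);
    }

    /**
     * Overwrites the password of the user with the given id.
     *
     * @return number of rows affected (0 when the id does not exist)
     * @throws SQLException if the statement fails
     */
    @Override
    public int update(String password, int id) throws SQLException {
        // NOTE(review): same plain-text storage caveat as insert().
        String sql = "update user set password=? where id=?";
        return qr.update(sql, password, id);
    }

    /**
     * Prints every user as {@code id--username--password} on standard output.
     *
     * @throws SQLException if the query fails
     */
    @Override
    public void selectAll() throws SQLException {
        String sql = "select *from user";
        // The handler must be parameterized: with the raw type the result is a
        // raw List and the typed for-each below does not compile.
        List<User> users = qr.query(sql, new BeanListHandler<>(User.class));
        for (User u : users) {
            // NOTE(review): this prints the stored password; drop that column
            // from the output anywhere but a local demo.
            System.out.println(u.getId() + "--" + u.getUsername() + "--" + u.getPassword());
        }
    }

    /**
     * Loads one user by primary key.
     *
     * @return the matching user, or {@code null} when no row has this id
     *         (BeanHandler yields null for an empty result set)
     * @throws SQLException if the query fails
     */
    @Override
    public User selectOne(int id) throws SQLException {
        String sql = "select *from user where id=?";
        // Parameterized handler: the raw type would make query() return Object.
        return qr.query(sql, new BeanHandler<>(User.class), id);
    }

    /**
     * Prints the number of users whose username starts with {@code lastName}.
     *
     * <p>The value is bound as a parameter, which prevents SQL injection, but
     * LIKE still interprets {@code %} and {@code _} inside a bound value as
     * wildcards. They are escaped here so the input is matched literally and
     * only the trailing {@code %} added below acts as a wildcard.
     *
     * @throws SQLException if the query fails
     */
    @Override
    public void selectCount(String lastName) throws SQLException {
        String sql = "select count(*) from user where username like ? escape '!'";
        long count = qr.query(sql, new ScalarHandler<Long>(), escapeLike(lastName) + "%");
        System.out.println(count);
    }

    /** Prefixes LIKE metacharacters and the escape character itself with {@link #LIKE_ESCAPE}. */
    private static String escapeLike(String raw) {
        // String.valueOf keeps the null handling of the former string concatenation.
        String text = String.valueOf(raw);
        StringBuilder escaped = new StringBuilder(text.length() + 8);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            if (c == LIKE_ESCAPE || c == '%' || c == '_') {
                escaped.append(LIKE_ESCAPE);
            }
            escaped.append(c);
        }
        return escaped.toString();
    }
}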

package JDBC_数据库连接.JDBC连接池_dbutils.JdbcUtils;
//工具类
import com.mchange.v2.c3p0.ComboPooledDataSource;

import javax.sql.DataSource;

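/**
 * Holds the single c3p0 connection pool shared by the application.
 */
public class JdbcUtils {
    /**
     * The shared pool. Declared {@code final} so that no other class can swap
     * or null out the data source after start-up; the field stays public for
     * existing readers.
     */
    public static final DataSource ds;

    static {
        // "c3p0" is passed as the configuration name; presumably it matches a
        // named-config entry in c3p0-config.xml on the classpath -- confirm.
        // NOTE(review): that file would hold the database credentials, so keep
        // it out of version control and readable only by the application.
        ds = new ComboPooledDataSource("c3p0");
    }

    /**
     * @return the shared pooled data source
     */
    public static DataSource getDataSource() {
        return ds;
    }
}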

package JDBC_数据库连接.JDBC连接池_dbutils.JdbcTest;
//测试类
import JDBC_数据库连接.JDBC连接池_dbutils.JavaBean.User;
import JDBC_数据库连接.JDBC连接池_dbutils.JdbcServiecImpl.JdbcServiceImpl;

import java.sql.SQLException;
import java.util.Scanner;

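/**
 * Console menu that exercises {@link JdbcServiceImpl}.
 */
public class JdbcTest {

    /**
     * Runs the menu loop until option 7 is chosen or a database error occurs.
     *
     * @param args unused
     */
    public static void main(String[] args) {

        JdbcServiceImpl imp = new JdbcServiceImpl();
        Scanner sc = new Scanner(System.in);
        try {
            while (true) {
                System.out.println("1、增加用户\t2、删除用户\t3、修改信息\t4、查看所有信息\t5、查看单人信息\t6、统计人数\t7、退出");
                String num = sc.next();
                switch (num) {
                    case "1":
                        System.out.println("请输入用户名");
                        String username = sc.next();
                        System.out.println("请输入密码");
                        String password = sc.next();
                        if (imp.insert(username, password) > 0) {
                            System.out.println("添加成功");
                        } else {
                            System.out.println("添加失败");
                        }
                        break;
                    case "2":
                        System.out.println("请输入id");
                        int id = readInt(sc);
                        if (imp.delete(id) > 0) {
                            System.out.println("删除成功");
                        } else {
                            System.out.println("删除失败");
                        }
                        break;
                    case "3":
                        System.out.println("请输入id");
                        int upid = readInt(sc);
                        System.out.println("请输入密码");
                        String newPassword = sc.next();
                        if (imp.update(newPassword, upid) > 0) {
                            System.out.println("修改成功");
                        } else {
                            System.out.println("修改失败");
                        }
                        break;
                    case "4":
                        imp.selectAll();
                        break;
                    case "5":
                        System.out.println("请输入id");
                        int sid = readInt(sc);
                        User u = imp.selectOne(sid);
                        if (u == null) {
                            // selectOne yields null for an unknown id; without
                            // this check the line below throws a NullPointerException.
                            System.out.println("用户不存在");
                        } else {
                            // NOTE(review): prints the stored password; acceptable
                            // only for a local demo.
                            System.out.println(u.getId() + "--" + u.getUsername() + "--" + u.getPassword());
                        }
                        break;
                    case "6":
                        System.out.println("请输入姓");
                        String lastName = sc.next();
                        imp.selectCount(lastName);
                        break;
                    case "7":
                        return;
                    default:
                        // Unknown menu entries were silently ignored before.
                        System.out.println("无效选项");
                        break;
                }
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }

    }

    /**
     * Reads the next integer, discarding tokens that are not numbers instead
     * of letting {@code nextInt()} abort the program with an
     * InputMismatchException.
     */
    private static int readInt(Scanner sc) {
        while (!sc.hasNextInt()) {
            sc.next(); // drop the invalid token
            System.out.println("请输入数字");
        }
        return sc.nextInt();
    }
}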
