JDBC-day02(使用PreparedStatement实现CRUD操作)

所需的数据库数据要导入到自己的数据库库中

三:使用PreparedStatement实现CRUD操作

  • 数据库连接被用于向数据库服务器发送命令和 SQL 语句,并接受数据库服务器返回的结果。其实一个数据库连接就是一个Socket连接
  • CRUD操作:根据返回值的有无可分为两类
    • 删除,添加,修改
    • 查询
  • 在 java.sql 包中有 3 个接口分别定义了对数据库的调用的不同方式:
    • Statement:用于执行静态 SQL 语句并返回它所生成结果的对象。
    • PrepatedStatement:SQL 语句被预编译并存储在此对象中,可以使用此对象多次高效地执行该语句。
    • CallableStatement:用于执行 SQL 存储过程

1.Statement类(可略过)

示例代码

public class User {

	private String user;
	private String password; 

	public User() {
	}

	public User(String user, String password) {
		super();
		this.user = user;
		this.password = password;
	}

	@Override
	public String toString() {
		return "User [user=" + user + ", password=" + password + "]";
	}

	public String getUser() {
		return user;
	}

	public void setUser(String user) {
		this.user = user;
	}

	public String getPassword() {
		return password;
	}

	public void setPassword(String password) {
		this.password = password;
	}
}
import java.io.InputStream;
import java.lang.reflect.Field;
import java.sql.Connection;      
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;
import java.util.Scanner;

import org.junit.Test;

public class StatementTest {
	@Test
	public void testLogin() {
		Scanner scan = new Scanner(System.in);

		System.out.print("用户名:");
		String userName = scan.nextLine();
		System.out.print("密   码:");
		String password = scan.nextLine();

		// SELECT user,password FROM user_table WHERE USER = '1' or ' AND PASSWORD = '
		// ='1' or '1' = '1';
		String sql = "SELECT user,password FROM user_table WHERE user = ? and password = ?";
		User user = get(sql, User.class);
		if (user != null) {
			System.out.println("登陆成功!");
		} else {
			System.out.println("用户名或密码错误!");
		}
	}

	// 使用Statement实现对数据表的查询操作
	public <T> T get(String sql, Class<T> clazz) {
		T t = null;

		Connection conn = null;
		Statement st = null;
		ResultSet rs = null;
		try {
			// 1.加载配置文件
			InputStream is = StatementTest.class.getClassLoader().getResourceAsStream("jdbc.properties");
			Properties pros = new Properties();
			pros.load(is);

			// 2.读取配置信息
			String user = pros.getProperty("user");
			String password = pros.getProperty("password");
			String url = pros.getProperty("url");
			String driverClass = pros.getProperty("driverClass");

			// 3.加载驱动
			Class.forName(driverClass);

			// 4.获取连接
			conn = DriverManager.getConnection(url, user, password);

			st = conn.createStatement();

			rs = st.executeQuery(sql);

			// 获取结果集的元数据
			ResultSetMetaData rsmd = rs.getMetaData();

			// 获取结果集的列数
			int columnCount = rsmd.getColumnCount();

			if (rs.next()) {

				t = clazz.newInstance();

				for (int i = 0; i < columnCount; i++) {
					// //1. 获取列的名称
					// String columnName = rsmd.getColumnName(i+1);

					// 1. 获取列的别名
					String columnName = rsmd.getColumnLabel(i + 1);

					// 2. 根据列名获取对应数据表中的数据
					Object columnVal = rs.getObject(columnName);

					// 3. 将数据表中得到的数据,封装进对象
					Field field = clazz.getDeclaredField(columnName);
					field.setAccessible(true);
					field.set(t, columnVal);
				}
				return t;
			}
		} catch (Exception e) {
			e.printStackTrace();
		} finally {
			// 关闭资源
			if (rs != null) {
				try {
					rs.close();
				} catch (SQLException e) {
					e.printStackTrace();
				}
			}
			if (st != null) {
				try {
					st.close();
				} catch (SQLException e) {
					e.printStackTrace();
				}
			}

			if (conn != null) {
				try {
					conn.close();
				} catch (SQLException e) {
					e.printStackTrace();
				}
			}
		}

		return null;
	}

}
  • 上面的代码有两个问题
    • 问题一:存在拼串操作
      在SQL语句的编写中存在拼串的操作
    • 问题二:存在SQL注入问题
      在用户输入数据中注入非法的 SQL 语句段或命令
      (如:SELECT user, password FROM user_table WHERE user='a' OR 1 = ' AND password = ' OR '1' = '1')

使用PreparedStatement(从Statement扩展而来) 取代 Statement 就可以防范 SQL 注入
JDBC-day02(使用PreparedStatement实现CRUD操作)_第1张图片
代码优化见8.user查询的优化

2.PreparedStatement类

  • 可以通过调用 Connection 对象的 preparedStatement(String sql) 方法获取 PreparedStatement 对象

  • PreparedStatement 接口是 Statement 的子接口,它表示一条预编译过的 SQL 语句

  • PreparedStatement 对象所代表的 SQL 语句中的参数用问号(?)来表示,调用 PreparedStatement 对象的 setXxx() 方法来设置这些参数. setXxx() 方法有两个参数,第一个参数是要设置的 SQL 语句中的参数的索引(从 1 开始),第二个是设置的 SQL 语句中的参数的值

3.Java与SQL对应数据类型转换表

Java类型 SQL类型
boolean BIT
byte TINYINT
short SMALLINT
int INTEGER
long BIGINT
String CHAR,VARCHAR,LONGVARCHAR
byte array BINARY , VAR BINARY
java.sql.Date DATE
java.sql.Time TIME
java.sql.Timestamp TIMESTAMP

4.使用PreparedStatement类完成Customers表的增删改操作

增删改操作类似下面的案例都是以增数据为例
customers表中添加一条记录
**例:此处以添加为例

	@Test
	public void testInsert() {
		
		Connection conn = null;                    
		PreparedStatement ps = null;
		try {
			//1.读取配置文件中的配置信息
			InputStream is = ClassLoader.getSystemClassLoader().getResourceAsStream("jdbc.properties");//获取系统类加载器
			Properties pros = new Properties();
			pros.load(is);
			
			String user = pros.getProperty("user");
			String password = pros.getProperty("password");
			String url = pros.getProperty("url");
			String driverClass = pros.getProperty("driverClass");
			
			//2.加载驱动
			Class.forName(driverClass);
			//3.获取连接
			conn = DriverManager.getConnection(url,user,password);
			
			//4.预编译sql语句,返回PreparedStatement的实例
			String sql = "insert into customers(name,email,birth)values(?,?,?)";//?:占位符
			ps = conn.prepareStatement(sql);
			
			//5.填充占位符
			ps.setString(1, "邓紫棋");
			ps.setString(2, "[email protected]");
			SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
			java.util.Date date = sdf.parse("2001-09-15");
			ps.setDate(3, new Date(date.getTime()));
			
			//6.执行SQL操作
			ps.execute();
		} catch (Exception e) {
			e.printStackTrace();
		}finally {//7.资源关闭
			try {
				if(ps != null) {
					ps.close();
				}
			} catch (SQLException e) {
				e.printStackTrace();
			}
			
			try {
			if(conn != null) {
				conn.close();
			}
			} catch(Exception e) {
				e.printStackTrace();
			}
		}
	}

5.使用PreparedStatement类完成Customers表的增删改操作(上一步的优化)

将通用的连接与关闭资源写成一个工具类

import java.io.InputStream;
import java.sql.Connection;                   
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;
//操作数据库的工具类
public class JDBC_Utils {
	//获取数据库连接
	public static Connection getConnection() throws Exception {
		InputStream is = ClassLoader.getSystemClassLoader().getResourceAsStream("jdbc.properties");
		Properties pros = new Properties();
		pros.load(is);
		
		String user = pros.getProperty("user");
		String password = pros.getProperty("password");
		String url = pros.getProperty("url");
		String driverClass = pros.getProperty("driverClass");
		
		Class.forName(driverClass);
		
		Connection conn = DriverManager.getConnection(url,user,password);
		return conn;
	}
	
	//关闭连接与Statement资源的操作
	public static void closeResource(Connection conn,Statement ps) {
		try {
			if(ps != null) {
				ps.close();
			}
		} catch (SQLException e) {
			e.printStackTrace();
		}
		
		try {
		if(conn != null) {
			conn.close();
		}
		} catch(Exception e) {
			e.printStackTrace();
		}
	}
}

上面的类命名时最好不要带下滑线,对测试customers表中添加一条记录

	@Test
	public void testUpdate(){	
		Connection conn = null;      
		PreparedStatement ps = null;
		try {
			//1.连接数据库
			conn = JDBC_Utils.getConnection();
			//2.预编译sql语句,返回PreparedStatement的实例
			String sql = "update customers set name = ? where id = ?";
			ps = conn.prepareStatement(sql);
			//3.填充占位符
			ps.setObject(1, "李响");
			ps.setObject(2, 18);
			//4.执行SQL语言
			ps.execute();
		} catch (Exception e) {
			e.printStackTrace();
		}finally {
		//5.资源关闭
		JDBC_Utils.closeResource(conn, ps);
	}
}

6.使用PreparedStatement类完成Customers表的增删改通用操作

public class UpdateTest {
	//通用的增删改操作
	@Test
	public void testCommonUpdate() {
//		String sql = "delete from customers where id = ?";               
//		update(sql,3);
		String sql = "update `order` set order_name = ? where order_id = ?";//当表名与关键字重合,可以用` `在SQL语句中加以区分
		update(sql,"DD","2");
	}
	public void update(String sql,Object ...args) {
		
		Connection conn = null;
		
		PreparedStatement ps = null;
		try {
			//1.获取数据库的连接
			conn = JDBC_Utils.getConnection();
			//2.预编译SQL语句
			ps = conn.prepareStatement(sql);
			//3.填充占位符(可变形参长度与SQL占位符数量一致)
			for(int i = 0;i < args.length;i++) {
				ps.setObject(i + 1,args[i]);//小心参数声明错误(从1开始)
			}
			//4.执行
			ps.execute();
		} catch (Exception e) {
			e.printStackTrace();
		}finally {
			//5.关闭资源
			JDBC_Utils.closeResource(conn, ps);
		}
	}
}

7.使用PreparedStatement类完成Customers表查询操作(单条数据)

import java.sql.Date;

/**
 * ORM编程思想(object relational mapping)对象关系映射
 * 一个数据表对应一个Java类
 * 表中的一条记录对应Java类的一个对象
 * 表中的一个字段对应Java类的一个属性
 */
public class Customer {
	private int id;       
	private String name;
	private String email;
	private Date birth;
	public Customer() {
		super();
	}
	public Customer(int id, String name, String email, Date birth) {
		super();
		this.id = id;
		this.name = name;
		this.email = email;
		this.birth = birth;
	}
	public int getId() {
		return id;
	}
	public void setId(int id) {
		this.id = id;
	}
	public String getName() {
		return name;
	}
	public void setName(String name) {
		this.name = name;
	}
	public String getEmail() {
		return email;
	}
	public void setEmail(String email) {
		this.email = email;
	}
	public Date getBirth() {
		return birth;
	}
	public void setBirth(Date birth) {
		this.birth = birth;
	}
	@Override
	public String toString() {
		return "Customer [id=" + id + ", name=" + name + ", email=" + email + ", birth=" + birth + "]";
	}
}

例:对customers表进行单条查询操作

	@Test
	public void testQuery1() {
		Connection conn = null;      
		PreparedStatement ps = null;
		
		ResultSet resultSet = null;
		try {
			conn = JDBC_Utils.getConnection();
			
			String sql = "select id,name,email,birth from customers where id = ?";
			ps = conn.prepareStatement(sql);
			ps.setObject(1, 1);
			
			//执行并返回结果集
			resultSet = ps.executeQuery();
			//处理结果集
			if(resultSet.next()) {//next():判断结果集下一条是否有数据;有,true并指针下移;没有,false,指针不下移;
				//获取当条数据的各个字段值
				int id = resultSet.getInt(1);
				String name = resultSet.getString(2);
				String email = resultSet.getString(3);
				Date birth = resultSet.getDate(4);
				
				//方式一
//			System.out.println("id =  " + id + " ,name =  " + name + " ,email =  " + email + " ,birth =  " + birth );
				
				//方式二
//			Object[] data = new Object[] {id,name,email,birth};
				
				//方式三:将数据封装为一个对象(推荐)
				Customer customer = new Customer(id,name,email,birth);
				System.out.println(customer);		
			}
		} catch (Exception e) {
			e.printStackTrace();
		}finally {
		//关闭资源
		JDBC_Utils.closeResource(conn, ps,resultSet);
		}
	}

8.使用PreparedStatement类完成Customers表查询通用操作(单条数据)

针对表的字段名与类的属性名不同的情况(如:针对Order表的通用的查询操作)

  • 1.必须在声明SQL时,使用类的属性名来命名表中字段的别名
  • 2.使用ResultSetMetaData时,需要使用getColumnLabel()来替换getColumnName()获得列的列名
  • 3.如果sql中没有给字段起别名时,查询的就是列的列名

例:针对Customers表的查询操作


public class CustomersQuery {
	@Test
	public void testQueryForCustomers() {
//		String sql = "select id,name,email,birth from customers where id = ?";                                   
//		Customer customer = queryForCustomers(sql,13);
//		System.out.println(customer);
		
		String sql = "select id,name,email,birth from customers where name = ?";
		Customer customer = queryForCustomers(sql,"周杰伦");
		System.out.println(customer);
	}
	
	/*
	 *针对customers表的通用操作 
	 */
	public Customer queryForCustomers(String sql,Object ...args) {
		Connection conn = null;
		PreparedStatement ps = null;
		ResultSet rs = null;
		try {
			conn = JDBC_Utils.getConnection();
			ps = conn.prepareStatement(sql);
			for(int i = 0;i < args.length;i++) {
				ps.setObject(i + 1, args[i]);
			}
			rs = ps.executeQuery();
			//获取结果集的元数据
			ResultSetMetaData rsmd = rs.getMetaData();
			//通过ResultSetMetaData获取结果集中的列数
			int columnCount = rsmd.getColumnCount();
			if(rs.next()) {
				Customer cust = new Customer();
				for(int i = 0;i < columnCount;i++) {
					//获取列值:结果集
					Object columnvalue = rs.getObject(i +1);
					//获取每个列的列名:结果集元数据
//					String columnName = rsmd.getColumnName(i + 1);
					//获取每个列的别名(无别名就获取表的列名):结果集元数据
					String columnLabel = rsmd.getColumnLabel(i + 1);
					
					//给cust指定columnName属性赋值为columnvalue,通过反射
					Field field = Customer.class.getDeclaredField(columnLabel);
					field.setAccessible(true);
					field.set(cust, columnvalue);
				}
				return cust;
			}
		}catch (Exception e) {
			e.printStackTrace();
		}finally {
			JDBC_Utils.closeResource(conn, ps, rs);
		}
		
		return null;
	}

例:针对Order表的通用的查询操作
order类

import java.sql.Date;

public class Order {
	private int orderId;      
	private String orderName;
	private Date orderDate;
	
	
	public Order() {
		super();
	}
	public Order(int orderId, String orderName, Date orderDate) {
		super();
		this.orderId = orderId;
		this.orderName = orderName;
		this.orderDate = orderDate;
	}
	public int getOrderId() {
		return orderId;
	}
	public void setOrderId(int orderId) {
		this.orderId = orderId;
	}
	public String getOrderName() {
		return orderName;
	}
	public void setOrderName(String orderName) {
		this.orderName = orderName;
	}
	public Date getOrderDate() {
		return orderDate;
	}
	public void setOrderDate(Date orderDate) {
		this.orderDate = orderDate;
	}
	@Override
	public String toString() {
		return "Order [orderId=" + orderId + ", orderName=" + orderName + ", orderDate=" + orderDate + "]";
	}
	
	
}

查询操作


import java.lang.reflect.Field;
import java.sql.Connection;        
import java.sql.Date;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;

import org.junit.Test;

import com.jdbc.util.JDBC_Utils;

/**
 * 针对于Order表的通用的查询操作
 */
public class OrderForQuery {
	@Test
	public void testOrderForQuery(){
		String sql = "select order_id orderId,order_name orderName,order_date orderDate from `order` where order_id = ?";
		Order order = orderForQuery(sql,1);
		System.out.println(order);
	}
	
	/**
	 * 通用的针对于order表的查询操作
	 */
	public Order orderForQuery(String sql,Object...args){
		
		Connection conn = null;
		PreparedStatement ps = null;
		ResultSet rs = null;
		try {
			conn = JDBC_Utils.getConnection();
			ps = conn.prepareStatement(sql);
			for(int i = 0;i < args.length;i++){
				ps.setObject(i + 1, args[i]);
			}
			
			//执行,获取结果集
			rs = ps.executeQuery();
			//获取结果集的元数据
			ResultSetMetaData rsmd = rs.getMetaData();
			//获取列数
			int columnCount = rsmd.getColumnCount();
			if(rs.next()){
				Order order = new Order();
				for(int i = 0;i < columnCount;i++){
					//获取每个列的列值:通过ResultSet
					Object columnValue = rs.getObject(i + 1);
					//通过ResultSetMetaData
					//获取列的列名:getColumnName() --不推荐使用
					//获取列的别名:getColumnLabel()
//					String columnName = rsmd.getColumnName(i + 1);
					String columnLabel = rsmd.getColumnLabel(i + 1);
					
					//通过反射,将对象指定名columnName的属性赋值为指定的值columnValue
					Field field = Order.class.getDeclaredField(columnLabel);
					field.setAccessible(true);
					field.set(order, columnValue);
				}
				
				return order;
			}
		} catch (Exception e) {
			e.printStackTrace();
		}finally{
			
			JDBC_Utils.closeResource(conn, ps, rs);
		}
		
		
		return null;
		
	}
	
	
	@Test
	public void testQuery1(){
		
		Connection conn = null;
		PreparedStatement ps = null;
		ResultSet rs = null;
		try {
			conn = JDBC_Utils.getConnection();
			String sql = "select order_id,order_name,order_date from `order` where order_id = ?";
			ps = conn.prepareStatement(sql);
			ps.setObject(1, 1);
			
			rs = ps.executeQuery();
			if(rs.next()){
				int id = (int) rs.getObject(1);
				String name = (String) rs.getObject(2);
				Date date = (Date) rs.getObject(3);
				
				Order order = new Order(id, name, date);
				System.out.println(order);
			}
		} catch (Exception e) {
			e.printStackTrace();
		}finally{
			
			JDBC_Utils.closeResource(conn, ps, rs);
		}
		
	}
	
}

9.针对不同表不同字段的查询通用操作

针对不同表不同字段的查询通用操作,此时返回表中的一条记录

	@Test
	public void test1() {
		String sql = "select id,name,email from customers where id = ?";                  
		Customer customer = getInstance(Customer.class,sql,12);
		System.out.println(customer);
		
		String sql1 = "select order_id orderId,order_name orderName from `order` where order_id = ?";
		Order order = getInstance(Order.class,sql1,1);
		System.out.println(order);
	}
	
	
	public <T> T getInstance(Class<T> clazz,String sql,Object ...args) {
		Connection conn = null;
		PreparedStatement ps = null;
		ResultSet rs = null;
		try {
			conn = JDBC_Utils.getConnection();
			ps = conn.prepareStatement(sql);
			for(int i = 0;i < args.length;i++) {
				ps.setObject(i + 1, args[i]);
			}
			rs = ps.executeQuery();
			//获取结果集的元数据
			ResultSetMetaData rsmd = rs.getMetaData();
			//通过ResultSetMetaData获取结果集中的列数
			int columnCount = rsmd.getColumnCount();
			if(rs.next()) {
				T t = clazz.newInstance();
				for(int i = 0;i < columnCount;i++) {
					//获取列值:结果集
					Object columnvalue = rs.getObject(i +1);
					//获取每个列的列名:结果集元数据
//					String columnName = rsmd.getColumnName(i + 1);
					//获取每个列的别名(无别名就获取表的列名):结果集元数据
					String columnLabel = rsmd.getColumnLabel(i + 1);
					
					//给cust指定columnName属性赋值为columnvalue,通过反射
					Field field = clazz.getDeclaredField(columnLabel);
					field.setAccessible(true);
					field.set(t, columnvalue);
				}
				return t;
			}
		}catch (Exception e) {
			e.printStackTrace();
		}finally {
			JDBC_Utils.closeResource(conn, ps, rs);
		}
		
		return null;
	}

针对不同表不同字段的查询通用操作,返回多条数据

public class PreparedStatementQeryTest {
	@Test
	public void testGetForList() {
		String sql = "select id,name,email from customers where id > ?";      
		List<Customer> list = getForList(Customer.class,sql,12);
		//集合遍历
		list.forEach(System.out::println);
		
		String sql1 = "select order_id orderId,order_name orderName from `order`";
		List<Order> list1 = getForList(Order.class,sql1);
		list1.forEach(System.out::println);
	}
	public <T> List<T> getForList(Class<T> clazz,String sql,Object ...args){
		Connection conn = null;
		PreparedStatement ps = null;
		ResultSet rs = null;
		try {
			conn = JDBC_Utils.getConnection();
			ps = conn.prepareStatement(sql);
			for(int i = 0;i < args.length;i++) {
				ps.setObject(i + 1, args[i]);
			}
			rs = ps.executeQuery();
			//获取结果集的元数据
			ResultSetMetaData rsmd = rs.getMetaData();
			//通过ResultSetMetaData获取结果集中的列数
			int columnCount = rsmd.getColumnCount();
			//创建集合对象
			ArrayList<T> list = new ArrayList<T>();
			while(rs.next()) {
				T t = clazz.newInstance();
				//给t对象指定的属性赋值
				for(int i = 0;i < columnCount;i++) {
					//获取列值:结果集
					Object columnvalue = rs.getObject(i +1);
					//获取每个列的列名:结果集元数据
//					String columnName = rsmd.getColumnName(i + 1);
					//获取每个列的别名(无别名就获取表的列名):结果集元数据
					String columnLabel = rsmd.getColumnLabel(i + 1);
					
					//给cust指定columnName属性赋值为columnvalue,通过反射
					Field field = clazz.getDeclaredField(columnLabel);
					field.setAccessible(true);
					field.set(t, columnvalue);
				}
				list.add(t);
			}
			return list;
		}catch (Exception e) {
			e.printStackTrace();
		}finally {
			JDBC_Utils.closeResource(conn, ps, rs);
		}
		
		return null;
	}
}

增删改类似

10.user查询的优化

import java.lang.reflect.Field;
import java.sql.Connection;            
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.util.Scanner;

import org.junit.Test;

import com.jdbc.util.JDBC_Utils;
public class PreparedStatementTest {
	@Test
	public void testLogin() {
		Scanner scan = new Scanner(System.in);

		System.out.print("用户名:");
		String userName = scan.nextLine();
		System.out.print("密   码:");
		String password = scan.nextLine();

		// SELECT user,password FROM user_table WHERE USER = '1' or ' AND PASSWORD = '
		// ='1' or '1' = '1';
		String sql = "SELECT user,password FROM user_table WHERE USER = ? and password = ?";
		User user = getInstance(User.class, sql,userName,password);
		if (user != null) {
			System.out.println("登陆成功!");
		} else {
			System.out.println("用户名或密码错误!");
		}
	}
	//使用PreparedStatement针对不同表不同字段的查询通用操作,此时返回表中的一条记录
	public <T> T getInstance(Class<T> clazz,String sql,Object ...args) {
		Connection conn = null;
		PreparedStatement ps = null;
		ResultSet rs = null;
		try {
			conn = JDBC_Utils.getConnection();
			ps = conn.prepareStatement(sql);
			for(int i = 0;i < args.length;i++) {
				ps.setObject(i + 1, args[i]);
			}
			rs = ps.executeQuery();
			//获取结果集的元数据
			ResultSetMetaData rsmd = rs.getMetaData();
			//通过ResultSetMetaData获取结果集中的列数
			int columnCount = rsmd.getColumnCount();
			if(rs.next()) {
				T t = clazz.newInstance();
				for(int i = 0;i < columnCount;i++) {
					//获取列值:结果集
					Object columnvalue = rs.getObject(i +1);
					//获取每个列的列名:结果集元数据
//					String columnName = rsmd.getColumnName(i + 1);
					//获取每个列的别名(无别名就获取表的列名):结果集元数据
					String columnLabel = rsmd.getColumnLabel(i + 1);
					
					//给cust指定columnName属性赋值为columnvalue,通过反射
					Field field = clazz.getDeclaredField(columnLabel);
					field.setAccessible(true);
					field.set(t, columnvalue);
				}
				return t;
			}
		}catch (Exception e) {
			e.printStackTrace();
		}finally {
			JDBC_Utils.closeResource(conn, ps, rs);
		}
		
		return null;
	}
}



11.练习

练习一
JDBC-day02(使用PreparedStatement实现CRUD操作)_第2张图片

import java.sql.Connection;   
import java.sql.PreparedStatement;
import java.util.Scanner;

import org.junit.Test;

import com.jdbc.util.JDBC_Utils;
public class Exer1Test {
	@Test
	public void testInsert() {
		Scanner scanner = new Scanner(System.in);
		System.out.print("请输入用户名: ");
		String name = scanner.next();
		System.out.print("请输入邮箱: ");
		String email = scanner.next();
		System.out.print("请输入生日: ");
		String birthday = scanner.next();
		String sql = "insert into customers(name,email,birth)values(?,?,?)";
		int insertCount = update(sql,name,email,birthday);
		if(insertCount > 0) {
			System.out.println("添加成功");
		}else {
			System.out.println("添加失败");
		}
		
	}
	//通用的增删改操作
	public int update(String sql,Object ...args) {
		Connection conn = null;
		PreparedStatement ps = null;
		try {
			//1.获取数据库的连接
			conn = JDBC_Utils.getConnection();
			//2.预编译SQL语句
			ps = conn.prepareStatement(sql);
			//3.填充占位符(可变形参长度与SQL占位符数量一致)
			for(int i = 0;i < args.length;i++) {
				ps.setObject(i + 1,args[i]);//小心参数声明错误(从1开始)
			}
			//4.执行
			/**
			 * ps.execute():
			 * false:执行的是增,删改操作,无返回值
			 * ture:执行的是查询操作,有返回值
			 */
			//方式一:
//			return ps.execute();
			//方式二:
			return ps.executeUpdate();//返回的是影响的行数
		} catch (Exception e) {
			e.printStackTrace();
		}finally {
			//5.关闭资源
			JDBC_Utils.closeResource(conn, ps);
		}
		return 0;
	}
}

练习二
JDBC-day02(使用PreparedStatement实现CRUD操作)_第3张图片
JDBC-day02(使用PreparedStatement实现CRUD操作)_第4张图片

Student类

public class Student {
	private int flowID;//流水号         
	private int type;//考试类型
	private String IDCard;//身份证号
	private String examCard;//准考证号
	private String name;//学生姓名
	private String location;//学生所在城市
	private int grade;//考试成绩
	
	public Student() {
		super();
	}

	public Student(int flowID, int type, String iDCard, String examCard, String name, String location, int grade) {
		super();
		this.flowID = flowID;
		this.type = type;
		IDCard = iDCard;
		this.examCard = examCard;
		this.name = name;
		this.location = location;
		this.grade = grade;
	}

	public int getType() {
		return type;
	}

	public void setType(int type) {
		this.type = type;
	}

	public String getIDCard() {
		return IDCard;
	}

	public void setIDCard(String iDCard) {
		IDCard = iDCard;
	}

	public String getExamCard() {
		return examCard;
	}

	public void setExamCard(String examCard) {
		this.examCard = examCard;
	}

	public String getName() {
		return name;
	}

	public void setName(String name) {
		this.name = name;
	}

	public String getLocation() {
		return location;
	}

	public void setLocation(String location) {
		this.location = location;
	}

	public int getGrade() {
		return grade;
	}

	public void setGrade(int grade) {
		this.grade = grade;
	}

	public int getFlowID() {
		return flowID;
	}

	@Override
	public String toString() {
		System.out.println("===============查询结果===================");
		return info();
	}

	private String info() {
		return "流水号:" + flowID + "\n四级/六级:" + type + "\n身份证号:" + 
		IDCard + "\n准考证号:" + examCard + "\n学生姓名:" + name + "\n区域:" + location + "\n成绩:" + grade;
	}
	

}

三个小问题写在一起

mport java.lang.reflect.Field;
import java.sql.Connection; 
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.util.Scanner;

import org.junit.Test;

import com.jdbc.util.JDBC_Utils;
public class Exer1Test2 {
	
	//问题1:向examstudent表中添加一条记录
	@Test
	public void testInsert() {
		Scanner scanner = new Scanner(System.in);
		System.out.print("四级/六级:");
		int type = scanner.nextInt();
		
		System.out.print("身份证号:");
		String IDCard = scanner.next();
		
		System.out.print("准考证号:");
		String examCard = scanner.next();
		
		System.out.print("学生姓名:");
		String studentName = scanner.next();
		
		System.out.print("所在城市:");
		String location = scanner.next();
		
		System.out.print("考试成绩:");
		int grade = scanner.nextInt();
		
		String sql = "insert into examstudent(type,IDCard,examCard,studentName,location,grade)values(?,?,?,?,?,?)";
		int insertCount = update(sql,type,IDCard,examCard,studentName,location,grade);
		if(insertCount > 0) {
			System.out.println("添加成功");
		}else {
			System.out.println("添加失败");
		}
		
	}
	//通用的增删改操作
	public int update(String sql,Object ...args) {
		Connection conn = null;
		PreparedStatement ps = null;
		try {
			//1.获取数据库的连接
			conn = JDBC_Utils.getConnection();
			//2.预编译SQL语句
			ps = conn.prepareStatement(sql);
			//3.填充占位符(可变形参长度与SQL占位符数量一致)
			for(int i = 0;i < args.length;i++) {
				ps.setObject(i + 1,args[i]);//小心参数声明错误(从1开始)
			}
			//4.执行
			/**
			 * ps.execute():
			 * false:执行的是增,删改操作,无返回值
			 * ture:执行的是查询操作,有返回值
			 */
			//方式一:
//			return ps.execute();
			//方式二:
			return ps.executeUpdate();//返回的是影响的行数
		} catch (Exception e) {
			e.printStackTrace();
		}finally {
			//5.关闭资源
			JDBC_Utils.closeResource(conn, ps);
		}
		return 0;
	}
	
	//问题2:根据身份证号或者准考证号查询学生成绩
	@Test
	public void queryWithID() {
		System.out.println("请选择你要输入的查询类型:");
		System.out.println("a.准考证号");
		System.out.println("b.身份证号");
		Scanner scanner = new Scanner(System.in);
		String selection = scanner.next();
		if("a".equalsIgnoreCase(selection)) {
			System.out.println("请输入准考证号:");
			String examCard = scanner.next();
			String sql = "select FlowID flowID,Type type,IDCard,ExamCard examCard,StudentName name,Location location,Grade grade from examstudent where ExamCard = ?";
			
			Student student = getInstance(Student.class,sql,examCard);
			if(student != null) {
				System.out.println(student);
			}else {		
				System.out.println("输入准考证号有误");
			}
		}else if("b".equalsIgnoreCase(selection)) {
			System.out.println("请输入身份证号:");
			String IDCard = scanner.next();
			String sql = "select FlowID flowID,Type type,IDCard,ExamCard examCard,StudentName name,Location location,Grade grade from examstudent where IDCard = ?";
			
			Student student = getInstance(Student.class,sql,IDCard);
			if(student != null) {
				System.out.println(student);
			}else {		
				System.out.println("输入身份证号有误");
			}
		}else {
			System.out.println("您的输入有误,请重新进入程序");
		}
	}
	public <T> T getInstance(Class<T> clazz,String sql,Object ...args) {
		Connection conn = null;
		PreparedStatement ps = null;
		ResultSet rs = null;
		try {
			conn = JDBC_Utils.getConnection();
			ps = conn.prepareStatement(sql);
			for(int i = 0;i < args.length;i++) {
				ps.setObject(i + 1, args[i]);
			}
			rs = ps.executeQuery();
			//获取结果集的元数据
			ResultSetMetaData rsmd = rs.getMetaData();
			//通过ResultSetMetaData获取结果集中的列数
			int columnCount = rsmd.getColumnCount();
			if(rs.next()) {
				T t = clazz.newInstance();
				for(int i = 0;i < columnCount;i++) {
					//获取列值:结果集
					Object columnvalue = rs.getObject(i +1);
					//获取每个列的列名:结果集元数据
//					String columnName = rsmd.getColumnName(i + 1);
					//获取每个列的别名(无别名就获取表的列名):结果集元数据
					String columnLabel = rsmd.getColumnLabel(i + 1);
					
					//给cust指定columnName属性赋值为columnvalue,通过反射
					Field field = clazz.getDeclaredField(columnLabel);
					field.setAccessible(true);
					field.set(t, columnvalue);
				}
				return t;
			}
		}catch (Exception e) {
			e.printStackTrace();
		}finally {
			JDBC_Utils.closeResource(conn, ps, rs);
		}
		return null;
	}
	
	//问题三:删除指定的学生信息
	@Test
	public void testDeletByExamCard() {
		System.out.println("请输入学生的考号:");
		Scanner scanner = new Scanner(System.in);
		String examCard = scanner.next();
		//查询指定准考证号的学生
		String sql = "select FlowID flowID,Type type,IDCard,ExamCard examCard,StudentName name,Location location,Grade grade from examstudent where ExamCard = ?";
		Student student = getInstance(Student.class,sql,examCard);
		if(student == null) {
			System.out.println("查无此人,请重新输入");
		}else {
			String sql1 = "delete from examstudent where examCard = ?";
			int updateCount = update(sql1,examCard);
			if(updateCount > 0) {
				System.out.println("删除成功");
			}else {
				System.out.println("删除失败,请重新操作");
			}
		}
		
	}
	//上一步的优化操作
	@Test
	public void testdelete() {
		System.out.println("请输入学生的考号:");
		Scanner scanner = new Scanner(System.in);
		String examCard = scanner.next();
		String sql = "delete from examstudent where examCard = ?";
		int updateCount = update(sql,examCard);
		if(updateCount > 0) {
			System.out.println("删除成功");
		}else {
			System.out.println("查无此人,请重新输入");
		}
	}
}

其中可能会出现不少的小问题,请多多包含
感谢大家的支持,关注,评论,点赞!
参考资料:尚硅谷_宋红康_JDBC核心技术

你可能感兴趣的:(Java,python,JDBC)