13 Configuration files:
Properties file:
Format: the extension is .properties
Content: key = value
Load the file in a utility class
14 Cause of the SQL injection vulnerability:
The user input contains the or keyword and a -- comment, and the concatenated string is executed as SQL
15 Fix: PreparedStatement, i.e. precompilation (keywords in the parameters are escaped)
Write the SQL statement (it is compiled in advance; input can only go where the question marks are, the content of one question mark is one string, and even a keyword inside it is treated as ordinary content)
String sql = "select * from user where username = ? and password = ?";
Set the parameters:
pstmt.setString(1, username); replaces the first question mark with username
pstmt.setString(2, password); replaces the second question mark with password
16 Adding (inserting) content with PreparedStatement
Use question marks in place of the values when writing the SQL statement:
insert into user values(null,?,?,?,?);
Then set the content that replaces each question mark in turn:
pstmt.setString(1,"xxx"); pstmt.setInt(2,23); and so on
17 Update operation with PreparedStatement
Write the update SQL statement:
String sql = "update user set username = ?, password = ?, nickname = ?, age = ? where id = ?";
Assign values to the question marks in turn: pstmt.setString(1,"abcds"); pstmt.setInt(5, 6);
18 Delete operation
After obtaining the connection, write the SQL statement:
String sql = "delete from user where id = ?";
Assign the id you want to delete to the question mark: pstmt.setInt(1,5);
19 Query operation
Connection conn = null; the connection
PreparedStatement pstmt = null; the precompiled SQL statement object
ResultSet rs = null; the result set
After obtaining the connection, write the SQL statement:
String sql = "select * from user"; queries all records; to query a specific record, add a where condition
Precompile: pstmt = conn.prepareStatement(sql);
Execute the SQL: rs = pstmt.executeQuery();
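The PreparedStatement flow from items 15 to 19 written out as one complete class, added here as an example and not taken from the original notes; the JDBC URL, the database credentials and the user table's column order (id, username, password, nickname, age) are assumptions.

```java
import java.sql.*;

public class UserDao {
    // Assumed JDBC URL and credentials (placeholders, not from the notes).
    static final String URL = "jdbc:mysql://localhost:3306/testdb";
    static final String DB_USER = "dbuser";
    static final String DB_PASS = "dbpass";

    // Item 15: login check. username and password are bound as parameters, so
    // input containing the or keyword or a -- comment is compared as a plain
    // string value and is never parsed as part of the SQL statement.
    public static boolean login(Connection conn, String username, String password) throws SQLException {
        String sql = "select id from user where username = ? and password = ?";
        try (PreparedStatement pstmt = conn.prepareStatement(sql)) {
            pstmt.setString(1, username);   // first ? -> username
            pstmt.setString(2, password);   // second ? -> password
            try (ResultSet rs = pstmt.executeQuery()) {
                return rs.next();           // a matching row means the credentials are valid
            }
        }
    }

    // Item 16: insert. Column order assumed: id (auto), username, password, nickname, age.
    public static int insertUser(Connection conn, String username, String password, String nickname, int age) throws SQLException {
        String sql = "insert into user values(null,?,?,?,?)";
        try (PreparedStatement pstmt = conn.prepareStatement(sql)) {
            pstmt.setString(1, username);
            pstmt.setString(2, password);
            pstmt.setString(3, nickname);
            pstmt.setInt(4, age);
            return pstmt.executeUpdate();   // number of rows inserted
        }
    }

    // Item 18: delete by primary key; returns the number of rows removed (0 if no such id).
    public static int deleteUser(Connection conn, int id) throws SQLException {
        String sql = "delete from user where id = ?";
        try (PreparedStatement pstmt = conn.prepareStatement(sql)) {
            pstmt.setInt(1, id);
            return pstmt.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // try-with-resources closes the connection even if a statement throws
        try (Connection conn = DriverManager.getConnection(URL, DB_USER, DB_PASS)) {
            System.out.println("inserted rows: " + insertUser(conn, "alice", "secret", "Alice", 23));
            System.out.println("login ok: " + login(conn, "alice", "secret"));
            System.out.println("deleted rows: " + deleteUser(conn, 1));
        }
    }
}
```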
//Write the SQL statement: insert
String sql = "insert into user values(null,'eee','1234','zhang',11)";
//Write the SQL statement: update
String sql = "update user set password='xiugaihou',nickname='zhongguo' where id=4";
//Execute the SQL statement
int num = stmt.executeUpdate(sql);
//Write the SQL statement: delete the specified row
String sql = "delete from user where id=5";
//Execute the SQL statement
int num = stmt.executeUpdate(sql);
if(num > 0){
System.out.println("删除数据成功");
}
insert into biaoming values (zhiliebiao);
delete from biaoming where tiaojian;
truncate table XXX
update XXX set ziduanming = zhi where tiaojian;
select * from XXX where tiaojian group by fenzuziduan having juhetiaojian order by ziduan;
show databases;
show tables;
show create database XXX;
show create table XXX;
select * from XXX cross join XXX;
select * from XXX inner join XXX;
select * from XXX left outer join XXX on biao1.id = biao2.id;
select * from XXX1,XXX2 where XXX1.id = XXX2.id ;
Class.forName("com.mysql.jdbc.Driver"); register the driver
Connection conn = DriverManager.getConnection(url,user,password); obtain the connection
Statement stmt = conn.createStatement(); create the SQL statement execution object
String sql = "select * from XXX where id =4"; write the SQL statement
rs = stmt.executeQuery(sql); execute a SQL query; iterate over the rows with rs.next()
int num = stmt.executeUpdate(sql); execute an insert, delete or update statement; returns an int, check num > 0