使用 PreparedStatement 进行增删改查——填充占位符(防止 SQL 注入)

首先创建表
这里写图片描述

然后构造一个实体类–封装数据库字段
Student

package com.godinsec;

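/**
 * Plain entity holding the four values the tutorial stores per row:
 * id, name, address and phone.
 *
 * <p>The class is a mutable bean with no validation; callers are responsible
 * for checking values before they are persisted.
 */
public class Student {
    private int id;
    private String name;
    private String address;
    // NOTE(review): an int drops leading zeros and cannot hold values above
    // Integer.MAX_VALUE, so it is a poor fit for real phone numbers. The type
    // is kept because the getters/setters and the table expose it as an int.
    private int phone;

    /** Creates an empty instance; populate it through the setters. */
    public Student() {
    }

    /**
     * Creates a fully populated instance.
     *
     * @param id      primary key value
     * @param name    student name
     * @param address postal address
     * @param phone   phone number
     */
    public Student(int id, String name, String address, int phone) {
        this.id = id;
        this.name = name;
        this.address = address;
        this.phone = phone;
    }

    /** @return the primary key value */
    public int getId() {
        return id;
    }

    /** @param id the primary key value */
    public void setId(int id) {
        this.id = id;
    }

    /** @return the student name */
    public String getName() {
        return name;
    }

    /** @param name the student name */
    public void setName(String name) {
        this.name = name;
    }

    /** @return the postal address */
    public String getAddress() {
        return address;
    }

    /**
     * Sets the postal address.
     *
     * @param address the postal address
     */
    public void setAddress(String address) {
        this.address = address;
    }

    /**
     * Sets the postal address. The name is misleading: no password is stored.
     *
     * @param address the postal address
     * @deprecated use {@link #setAddress(String)}; kept so existing callers
     *             continue to compile.
     */
    @Deprecated
    public void setPassword(String address) {
        setAddress(address);
    }

    /** @return the phone number */
    public int getPhone() {
        return phone;
    }

    /** @param phone the phone number */
    public void setPhone(int phone) {
        this.phone = phone;
    }

    /**
     * Renders every field. The output contains the address and phone number,
     * so avoid writing it to logs that are shared more widely than the data.
     */
    @Override
    public String toString() {
        return "Student [id=" + id + ", name=" + name + ", address=" + address
                + ", phone=" + phone + "]";
    }
}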

JdbcTools

package com.godinsec;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

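/**
 * Minimal JDBC helper built around {@link PreparedStatement}.
 *
 * <p>Values passed through {@code args} are bound to {@code ?} placeholders
 * and are therefore sent to the database as data, not as SQL text. That
 * protection covers the bound values only: the {@code sql} string itself must
 * be a constant (or built exclusively from trusted fragments). Concatenating
 * user input into {@code sql} is still injectable, and placeholders cannot
 * stand in for identifiers such as table or column names.
 */
public class JdbcTools {
    /**
     * Executes an INSERT, UPDATE or DELETE statement.
     *
     * <p>Failures are propagated to the caller instead of being printed and
     * swallowed, so a failed write can no longer look like a success.
     *
     * @param sql  statement text with {@code ?} placeholders; must not contain
     *             untrusted input
     * @param args values bound to the placeholders in order (1-based in JDBC)
     * @throws SQLException if the connection, the binding or the execution
     *                      fails, or if the driver class cannot be loaded
     */
    public static void update(String sql, Object... args) throws SQLException {
        // try-with-resources closes the statement and then the connection on
        // every path, including when prepareStatement or executeUpdate throws.
        try (Connection connection = openConnection();
                PreparedStatement preparedStatement = connection.prepareStatement(sql)) {
            bindParameters(preparedStatement, args);
            preparedStatement.executeUpdate();
        }
    }

    /**
     * Runs a query and prints the first four columns of the first row.
     *
     * <p>NOTE(review): {@code clazz} is not used and the returned entity is
     * never populated, so this method always returns {@code null}. Mapping
     * the row onto {@code T} needs the column-to-field mapping, which this
     * page does not show.
     *
     * @param clazz target entity type (currently unused)
     * @param sql   query text with {@code ?} placeholders; must not contain
     *              untrusted input
     * @param args  values bound to the placeholders in order
     * @return always {@code null} in the current implementation
     * @throws Exception if the connection, the binding or the query fails
     */
    public static <T> T GetStudent(Class<T> clazz, String sql, Object... args)
            throws Exception {
        T entity = null;
        try (Connection connection = openConnection();
                PreparedStatement preparedStatement = connection.prepareStatement(sql)) {
            bindParameters(preparedStatement, args);
            // Fetch the result set; it is closed before the statement.
            try (ResultSet resultSet = preparedStatement.executeQuery()) {
                if (resultSet.next()) {
                    System.out.println("Id:" + resultSet.getInt(1));
                    System.out.println("Name:" + resultSet.getString(2));
                    System.out.println("Adress:" + resultSet.getString(3));
                    System.out.println("Phone:" + resultSet.getInt(4));
                }
            }
        }
        return entity;
    }

    /**
     * Opens a new database connection.
     *
     * @return a new connection; the caller must close it
     * @throws SQLException           if the database refuses the connection
     * @throws ClassNotFoundException if the driver class is not on the classpath
     */
    public static Connection getConnection() throws SQLException,
            ClassNotFoundException {
        // Connection settings.
        // NOTE(review): the credentials are hard-coded and the account is the
        // database superuser. Outside a local demo, load them from
        // configuration kept out of version control and connect with an
        // account limited to the tables and operations this code needs.
        String driverClass = "com.mysql.jdbc.Driver";
        String user = "root";
        String password = "root";
        String url = "jdbc:mysql:///mydatabase";
        Class.forName(driverClass);
        // Hand back a fresh connection.
        return DriverManager.getConnection(url, user, password);
    }

    /**
     * Closes the given JDBC resources; {@code null} arguments are skipped.
     *
     * <p>Every resource is attempted even when an earlier close fails, so a
     * failing result set can no longer leave the connection open. The first
     * failure is thrown with later ones attached as suppressed exceptions.
     *
     * @param resultSet         result set to close, or {@code null}
     * @param preparedStatement prepared statement to close, or {@code null}
     * @param statement         plain statement to close, or {@code null}
     * @param connection        connection to close, or {@code null}
     * @throws SQLException if closing any of the resources fails
     */
    public static void release(ResultSet resultSet,
            PreparedStatement preparedStatement, Statement statement,
            Connection connection) throws SQLException {
        SQLException failure = null;
        failure = closeAndCollect(resultSet, failure);
        failure = closeAndCollect(preparedStatement, failure);
        failure = closeAndCollect(statement, failure);
        failure = closeAndCollect(connection, failure);
        if (failure != null) {
            throw failure;
        }
    }

    /** Opens a connection, reporting a missing driver class as a SQLException. */
    private static Connection openConnection() throws SQLException {
        try {
            return getConnection();
        } catch (ClassNotFoundException e) {
            throw new SQLException("JDBC driver class not found", e);
        }
    }

    /** Binds {@code args} to the statement's placeholders, in order. */
    private static void bindParameters(PreparedStatement preparedStatement,
            Object[] args) throws SQLException {
        if (args == null) {
            return;
        }
        for (int i = 0; i < args.length; i++) {
            // JDBC parameter indexes start at 1.
            preparedStatement.setObject(i + 1, args[i]);
        }
    }

    /** Closes one resource and folds any failure into {@code earlier}. */
    private static SQLException closeAndCollect(AutoCloseable resource,
            SQLException earlier) {
        if (resource == null) {
            return earlier;
        }
        try {
            resource.close();
            return earlier;
        } catch (Exception e) {
            SQLException current = (e instanceof SQLException)
                    ? (SQLException) e
                    : new SQLException("Failed to close JDBC resource", e);
            if (earlier == null) {
                return current;
            }
            earlier.addSuppressed(current);
            return earlier;
        }
    }
}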

JdbcTest

package com.godinsec;

import java.sql.Connection;
import java.sql.SQLException;
import java.util.Scanner;

import org.junit.Test;

/**
 * Manual exercises for {@code JdbcTools}: one inserts a row typed at the
 * console, the other looks a row up by id. Both send their values through
 * {@code ?} placeholders rather than building SQL text from them.
 */
public class JdbcTest {
    // ---- insert ----

    /** Reads a student from standard input and inserts it. */
    @Test
    public void testAddNewCustomer() throws SQLException {
        addCustomer(getStudent());
    }

    /**
     * Builds a {@code Student} from values typed on standard input.
     *
     * <p>Needs an interactive console because it reads {@code System.in}.
     * Name and address are read with {@code Scanner.next()}, which stops at
     * the first whitespace.
     *
     * @return the populated student
     */
    public Student getStudent() {
        Scanner input = new Scanner(System.in);
        Student entered = new Student();

        System.out.println("Id:");
        int id = input.nextInt();
        entered.setId(id);

        System.out.println("Name:");
        String name = input.next();
        entered.setName(name);

        System.out.println("Adress:");
        String address = input.next();
        // setPassword stores the address despite its name.
        entered.setPassword(address);

        System.out.println("Phone:");
        int phone = input.nextInt();
        entered.setPhone(phone);

        return entered;
    }

    /**
     * Inserts the given student as one row.
     *
     * <p>The statement has no column list, so the four values must match the
     * table's column order.
     *
     * @param student the values to insert
     */
    public void addCustomer(Student student) throws SQLException {
        // Constant SQL text; every user-supplied value travels as a bound parameter.
        final String insertSql = "INSERT INTO customer VALUES(?,?,?,?)";
        JdbcTools.update(insertSql,
                student.getId(),
                student.getName(),
                student.getAddress(),
                student.getPhone());
    }

    // ---- query ----

    /** Looks up the row with id 1; the returned value is not inspected. */
    @Test
    public void testGet() throws Exception {
        final String selectSql = "select * from customer where id = ?";
        JdbcTools.GetStudent(Student.class, selectSql, 1);
    }
}

插入操作

Id:
1
Name:
1
Adress:
1
Phone:
1

这里写图片描述

接下来是查询操作:

Id:1
Name:1
Adress:1
Phone:1