JDBC目前学习中从基本的连接到增删改数据最后到使用一些框架
使用的mysql
初步的连接-需要mysql-connector jar包
public List<Student> findall() {
Connection conn = null;
Statement stmt = null;
ResultSet rs = null;
List<Student> list=null;
try {
//1.注册驱动。可兼容。5版本
Class.forName("com.mysql.cj.jdbc.Driver");
//2.获取连接
conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/mytext", "root", "root");
if(conn!=null)
System.out.println("连接成功");
//3.定义sql
String sql = "select * from student";
//4.获取执行sql的对象
stmt = conn.createStatement();
//5.执行sql
rs = stmt.executeQuery(sql);
//6便利结果集,封装对象,装载集合
Student student = null;
list = new ArrayList<Student>();
while (rs.next()) {
int id = rs.getInt(1);
String name = rs.getString(2);
//创建对象并赋值
student = new Student();
student.setIdnumber(id);
student.setName(name);
list.add(student);
}
} catch (ClassNotFoundException e) {
e.printStackTrace();
} catch (SQLException e) {
e.printStackTrace();
}finally {
if(stmt!=null){
try {
stmt.close();
}
catch (SQLException e){
e.printStackTrace();
}
}
if(rs!=null){
try {
rs.close();
}
catch (SQLException e){
e.printStackTrace();
}
}
if(conn!=null){
try {
conn.close();
}
catch (SQLException e){
e.printStackTrace();
}
}
}
return list;
}
我们设置的数据库较为简单
我这里将它封装进list中,将其中数据便利出来。
需要注意的是,我们最简单的操作中释放数据库连接资源部分需要重复写代码我们可以创建工具类
JDBCUtils 加载配置文件jdbc.properties中的账号,密码等信息,便于后期大项目的维护
import java.io.FileReader;
import java.io.IOException;
import java.net.URL;
import java.sql.*;
import java.util.Properties;
public class JDBCUtils {
private static String url;
private static String user;
private static String password;
private static String driver;
/**
* 文件的读取,只读取一次就能拿到这些值,使用静态代码块
*/
static {
//读取资源文件,并获值
try {
//1.创建Properties集合类
Properties pro =new Properties();
//获取src路径下的文件方式---->Classloader 类加载器
ClassLoader classLoader =JDBCUtils.class.getClassLoader();
URL res =classLoader.getResource("jdbc.properties");
String path =res.getPath();
//2.加载文件
pro.load(new FileReader(path));
//3.获取数据,赋值
url=pro.getProperty("url");
user=pro.getProperty("user");
password=pro.getProperty("password");
driver=pro.getProperty("driver");
//4.注册驱动
Class.forName(driver);
} catch (IOException e) {
e.printStackTrace();
} catch (ClassNotFoundException e) {
e.printStackTrace();
}
}
/**
* 获取连接
* @return 连接对象
*
*/
public static Connection getConnection() throws SQLException {
return DriverManager.getConnection(url,user,password);
}
/**
*
* @param rs
* @param stmt
* @param conn
*/
public static void close(ResultSet rs, Statement stmt, Connection conn){
if(stmt!=null){
try {
stmt.close();
}
catch (SQLException e){
e.printStackTrace();
}
}
if(rs!=null){
try {
rs.close();
}
catch (SQLException e){
e.printStackTrace();
}
}
if(conn!=null){
try {
conn.close();
}
catch (SQLException e){
e.printStackTrace();
}
}
}
public static void close(Statement stmt){
if(stmt!=null){
try {
stmt.close();
}
catch (SQLException e){
e.printStackTrace();
}
}
}
}
jdbc.properties文件
url =jdbc:mysql://localhost:3306/mytext
user=root
password=xiaoxiao
driver=com.mysql.cj.jdbc.Driver
这样代码就相比之前精简很多
public List<Student> findall2() {
Connection conn = null;
Statement stmt = null;
ResultSet rs = null;
List<Student> list = null;
try{
conn=JDBCUtils.getConnection();
//3.定义sql
String sql = "select * from student";
//4.获取执行sql的对象
stmt = conn.createStatement();
//5.执行sql
rs = stmt.executeQuery(sql);
//6便利结果集,封装对象,装载集合
Student student = null;
list = new ArrayList<Student>();
while (rs.next()) {
int id = rs.getInt(1);
String name = rs.getString(2);
//创建对象并赋值
student = new Student();
student.setIdnumber(id);
student.setName(name);
list.add(student);
}
} catch (SQLException e){
e.printStackTrace();
}finally {
JDBCUtils.close(rs,stmt,conn);
}
return list;
}
上面是一些简单的查询,接下来模拟登陆页面验证密码
public class Login {
public static void main(String[] args) {
//1.键盘录入
Scanner input =new Scanner(System.in);
System.out.println("请输入用户名:");
String username = input.nextLine();
System.out.println("请输入密码:");
String password = input.nextLine();
boolean flag = login2(username,password);
if(flag){
//登陆成功
System.out.println("登陆成功");
}else {
System.out.println("登陆失败");
}
}
public static Boolean login(String username,String password){
if(username==null||password==null)
return false;
Connection conn = null;
Statement stmt = null;
ResultSet rs = null;
try{
conn=JDBCUtils.getConnection();
//3.定义sql,要注意空格
String sql = "select * from student where username = "+username+" and password ="+password;
//ystem.out.println(sql);
//4.获取执行sql的对象
stmt = conn.createStatement();
//5.执行sql
rs = stmt.executeQuery(sql);
return rs.next();
} catch (SQLException e){
e.printStackTrace();
}finally {
JDBCUtils.close(rs,stmt,conn);
}
return false;
}
}
上面这种比较简单,可通过键盘输入将账号密码输入来匹配数据库中的信息,最终得到反馈。
但当输入密码为 666 or 'a'='a' 时 由于字符串和数据库的的机制导致了常见的sql注入问题
所以我们有第二种方法解决
public static Boolean login2(String username,String password){
if(username==null||password==null)
return false;
Connection conn = null;
//PrepareStatement 是Statement的子类
PreparedStatement pstmt = null;
ResultSet rs = null;
try{
conn=JDBCUtils.getConnection();
//3.定义sql,要注意空格
String sql = "select * from student where username = ? and password =?";
//System.out.println(sql);
//4.获取执行sql的对象
pstmt = conn.prepareStatement(sql);
pstmt.setString(1,username);
pstmt.setString(2,password);//--->防止sql注入
//5.执行sql,Prestatement的e..不需要参数
rs = pstmt.executeQuery();
return rs.next();
} catch (SQLException e){
e.printStackTrace();
}finally {
JDBCUtils.close(rs,pstmt,conn);
}
return false;
}
这样可以防止sql注入问题