PreparedStatement
- 使用参数设置,可读性好,不易犯错
- PreparedStatement有预编译机制,重复执行同一条SQL时通常比Statement更快
- PreparedStatement通过参数绑定把数据与SQL语句分开,可防止SQL注入式攻击(前提是所有外部输入都通过 ? 占位符绑定,而不是拼接进SQL字符串)
package com.dgd.test;
import java.sql.*;
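/**
 * Demo: inserts five rows into the {@code user} table through a {@link PreparedStatement}.
 *
 * <p>The SQL text is a constant and every value is supplied through a {@code ?} placeholder,
 * so the data is never concatenated into the statement text.
 */
public class DBTest {
    // Legacy Connector/J driver class name; kept as-is because the driver version in use is
    // not visible here.
    private static final String DRIVER_NAME = "com.mysql.jdbc.Driver";
    // NOTE(security): useSSL=false disables TLS on the connection, so credentials and data
    // travel unencrypted. Tolerable for a localhost demo only.
    private static final String URL = "jdbc:mysql://localhost:3306/test?useSSL=false";
    // NOTE(security): sample credentials for a local test database. Outside a demo, use a
    // least-privileged account instead of root and load the password from configuration or a
    // secret store rather than source code.
    private static final String USER_NAME = "root";
    private static final String PASSWORD = "123456";

    /**
     * Connects to the database and inserts five generated rows.
     *
     * <p>Failures are printed to standard error; nothing is rethrown.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // No column list: values are matched to the table's columns by position, so this
        // statement depends on the table's column order. The leading null is presumably an
        // auto-generated id column (table definition not shown here).
        final String sql = "insert into user values(null,?,?,?,?)";
        try {
            Class.forName(DRIVER_NAME);
            // try-with-resources closes the statement and then the connection on every path,
            // including when an insert throws part-way through the loop.
            try (Connection connection = DriverManager.getConnection(URL, USER_NAME, PASSWORD);
                    PreparedStatement prst = connection.prepareStatement(sql)) {
                for (int i = 0; i < 5; i++) {
                    prst.setString(1, "提莫" + i);
                    prst.setFloat(2, i * 10);
                    prst.setInt(3, i);
                    prst.setInt(4, i * 100);
                    prst.execute();
                }
            }
        } catch (ClassNotFoundException | SQLException e) {
            e.printStackTrace();
        }
    }
}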
Statement
package com.dgd.test;
import java.sql.*;
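/**
 * Demo: inserts five rows into the {@code user} table through a plain {@link Statement},
 * building each SQL string by concatenation.
 *
 * <p>NOTE(security): this form is shown for comparison with the PreparedStatement version.
 * Every fragment concatenated here is generated by the program itself. If any fragment came
 * from outside the program (user input, a file, a request), it would be interpreted as part
 * of the SQL text; such values must be bound through {@code PreparedStatement} placeholders.
 */
public class DBTest {
    // Legacy Connector/J driver class name; kept as-is because the driver version in use is
    // not visible here.
    private static final String DRIVER_NAME = "com.mysql.jdbc.Driver";
    // NOTE(security): useSSL=false disables TLS on the connection, so credentials and data
    // travel unencrypted. Tolerable for a localhost demo only.
    private static final String URL = "jdbc:mysql://localhost:3306/test?useSSL=false";
    // NOTE(security): sample credentials for a local test database. Outside a demo, use a
    // least-privileged account instead of root and load the password from configuration or a
    // secret store rather than source code.
    private static final String USER_NAME = "root";
    private static final String PASSWORD = "123456";

    /**
     * Connects to the database and inserts five generated rows, printing each SQL string
     * before it is executed.
     *
     * <p>Failures are printed to standard error; nothing is rethrown.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try {
            Class.forName(DRIVER_NAME);
            // try-with-resources closes the statement and then the connection on every path,
            // including when an insert throws part-way through the loop.
            try (Connection connection = DriverManager.getConnection(URL, USER_NAME, PASSWORD);
                    Statement stmt = connection.createStatement()) {
                for (int i = 0; i < 5; i++) {
                    // The whole statement, data included, is one string: the database cannot
                    // tell values apart from SQL syntax.
                    String val = "null," + "'提莫" + i + "'," + i + "," + i * 2 + "," + i * 3 + ")";
                    String sql = "insert into user values(" + val;
                    // Prints the full statement with its data; acceptable for generated demo
                    // values, not for statements that carry sensitive fields.
                    System.out.println(sql);
                    stmt.execute(sql);
                }
            }
        } catch (ClassNotFoundException | SQLException e) {
            e.printStackTrace();
        }
    }
}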