JDBC入门
1.注册驱动 驱动从哪里来? 框架开发者会将代码封装成jar包 项目根目录新建lib文件夹,拷贝驱动到此目录下 将驱动进行编译,驱动文件右键 -- ADD as Library 使用Java代码加载驱动类 2.获取数据库连接对象 3.通过数据库连接对象Statement对象 4.通过Statement对象执行sql语句 5.处理结果 6.关闭资源
package demo01_jdbc入门;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;
public class Demo01 {
public static void main(String[] args) throws Exception {
//1.注册驱动
Class.forName("com.mysql.jdbc.Driver");
//2.获取数据库连接对象
Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/test2","root","123456");
//3.通过数据库连接对象Statement对象
Statement st = conn.createStatement();
//4.通过Statement对象执行sql语句
//更新id为1的用户信息
String sql = "update user set username = '哈哈' where id = 1";
int count = st.executeUpdate(sql);
//5.处理结果
System.out.println("执行结果:"+count);
//6.关闭资源
st.close();
conn.close();
}
}DriverManager
registerDriver():注册驱动
DriverManager.getConnection(String url,String user,String password)获取连接对象
url指定数据库连接路径。
语法:jdbc:mysql://ip地址:端口号/数据库名称。
jdbc:mysql://localhost:3306/test2
细节:如果连接的是本机数据库,数据库的默认端口号为3306
jdbc:mysql:///test2
user 数据库用户名
password 数据库密码
package demo01_jdbc入门;
public class T {
public static void main(String[] args) throws ClassNotFoundException {
//静态代码块执行时机:类被加载的时候
Class.forName("demo01_jdbc入门.MyDriver");
}
}
class MyDriver{
static {
System.out.println("我被执行了");
}
}Connection
数据库连接对象
普通方法
createStatement()获取Statement(执行sql语句)
prepareStatement()获取PrepareStatement对象
管理事务的方法
开启事务
setAutoCommit()
提交事务
sommit()
回滚事务
rollback()
Statement
执行sql的对象
普通方法
st.execute() 执行任意的sql增删改查 st.executeUpdate() 执行DML(insert update delete) DDL(create alter drop) st.executeQuery() 执行 DQL(select)
练习
添加一条记录
package demo02_练习;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;
public class Demo {
public static void main(String[] args) throws Exception {
insert();
}
public static void insert() throws Exception {
//1.注册驱动
Class.forName("com.mysql.jdbc.Driver");
//2.获取连接对象
Connection conn = DriverManager.getConnection("jdbc:mysql:///test2","root","123456");
//3.获取数据库执行对象
Statement st = conn.createStatement();
//4.执行sql语句
String sql = "insert into user (id,username, password, email) values (NULL,'wangwu','123','123@qq.com');";
int count = st.executeUpdate(sql);
if(count >0){
System.out.println("执行成功");
}else{
System.out.println("执行失败");
}
}
}修改一条记录
上面的代码:demo01_jdbc入门.Demo01
删除一条记录
public static void delete(){
Connection conn = null;
Statement st = null;
try {
//1.注册驱动
Class.forName("com.mysql.jdbc.Driver");
//2.获取连接对象
conn = DriverManager.getConnection("jdbc:mysql:///test2","root","123456");
//3.获取数据库执行对象
st = conn.createStatement();
//4.执行sql语句
String sql = "delete from user where id = 1";
int count = st.executeUpdate(sql);
if(count >0){
System.out.println("执行成功");
}else{
System.out.println("执行失败");
}
} catch (ClassNotFoundException e) {
e.printStackTrace();
} catch (SQLException e) {
e.printStackTrace();
}finally {
//无论如何都需要关闭
} if(st !=null){
try {
st.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if(conn !=null){
try {
conn.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}查询数据:ResultSet
封装了结果集的对象,常用方法:
st.executeQuery(String sql)
ResultSet的方法
next():将游标下移,判断是否还有数据
getxx(int columnIndex)获取指定类型的数据
columnIndex:代表列的编号
xx 数据类型
getxx(String name)获取指定类型的数据
name:列名
使用步骤
获取ResultSet对象
调用rs.next(),判断是否有下一行,因为数据的个数不确定,所以使用while循环来操作
调用getxx()获取数据
查询:查询所有
public static void selectALL(){
Connection conn = null;
Statement st = null;
try {
//1.注册驱动
Class.forName("com.mysql.jdbc.Driver");
//2.获取连接对象
conn = DriverManager.getConnection("jdbc:mysql:///test2","root","123456");
//3.获取数据库执行对象
st = conn.createStatement();
//4.执行sql语句
String sql = "SELECT * FROM user";
ResultSet rs = st.executeQuery(sql);
//5.处理结果
while (rs.next()){
// rs.getInt(1);
int id = rs.getInt("id");
String username = rs.getString("username");
String password = rs.getString("password");
String email = rs.getString("email");
System.out.println(id + " " + username+ " " + password+ " " + email);
}
} catch (ClassNotFoundException e) {
e.printStackTrace();
} catch (SQLException e) {
e.printStackTrace();
}finally {
//6.无论如何都需要关闭
} if(st !=null){
try {
st.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if(conn !=null){
try {
conn.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}封装数据
将获取到的数据封装到对象中(User),然后将所有的Use对象存入List集合。
新建一个方法,将查询到的数据装到对象(User)中,并将所有的User对象存入List集合,并返回
1.新建User类
User类里面的属性有什么?
类的属性和表的列相同
表中的列数据类型怎么和Java的数据类型对应呢?
类型对应表
varchar String
2.定义方法
public List<User> findAllUser(){}
User类
package demo02_练习;
public class User {
private Integer id;
private String username;
private String password;
private String email;
public User(Integer id, String username, String password, String email) {
this.id = id;
this.username = username;
this.password = password;
this.email = email;
}
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
@Override
public String toString() {
return "User{" +
"id=" + id +
", username='" + username + '\'' +
", password='" + password + '\'' +
", email='" + email + '\'' +
'}';
}
}
测试类
public static List<User> findAllUser() throws ClassNotFoundException, SQLException {
Class.forName("com.mysql.jdbc.Driver");
Connection conn = DriverManager.getConnection("jdbc:mysql:///test2", "root", "123456");
Statement st = conn.createStatement();
ResultSet rs = st.executeQuery("SELECT * FROM user");
List<User> users = new ArrayList<>();
while (rs.next()){
//根据列名取值
int id = rs.getInt("id");
String username = rs.getString("username");
String password = rs.getString("password");
String email = rs.getString("email");
//封装数据
User user = new User(id, username, password, email);
users.add(user);
}
return users;
}登陆案例
编写代码模拟登陆功能
添加完成登陆功能的方法,返回是否登陆成功
方法:
public boolean login((String username,String password){}
具体实现:
根据用户名和密码查询数据库
SELECT * FROM user WHERE username = 'admin' AND password = 'admin'
package demo03_登陆案例;
import java.sql.*;
import java.util.Scanner;
public class LoginDemo {
public static void main(String[] args) throws Exception {
Scanner sc = new Scanner(System.in);
System.out.println("请输入用户名");
String username = sc.nextLine();
System.out.println("请输入密码");
String password = sc.nextLine();
boolean flag = login(username,password);
if(flag){
System.out.println("登陆成功");
}else{
System.out.println("登陆失败");
}
}
public static boolean login(String username,String password) throws Exception {
Class.forName("com.mysql.jdbc.Driver");
Connection conn = DriverManager.getConnection("jdbc:mysql:///test2", "root", "123456");
Statement st = conn.createStatement();
String sql = "SELECT * FROM user WHERE username = '"+username+"' AND password = '"+password+"'";
System.out.println(sql);
ResultSet rs = st.executeQuery(sql);
//查询数据
if(rs.next()){
return true;
}else{
return false;
}
// rs.close();
// st.close();
// return false;
}
}SQL 安全问题 SQL注入
利用特殊的字符或关键字参与sql字符串的拼接,会造成安全问题
用户名密码都输入:'a' or 'a' = 'a'
SELECT * FROM user WHERE username = 'aaa' AND password = 'a' or 'a' = 'a'
用户名密码都输入:'a' or 'a' = 'a'--'
SELECT * FROM user WHERE username ='a' or ' '=' '--' AND password = 'a' or 'a' = 'a'--'
问题出现的原因:
sql拼接问题
预编译sql
//获取PreparedStatement //PreparedStatement ps = conn.prepareStatement(sql); //定义sql //参数使用?作为占位符 //SELECT * FROM user WHERE username =? AND password = ? //设置参数,给?赋值 //ps.setxx 设置值 //void setString(int parameterIndex, String x) //参数1:?的编号 从1开始 //参数2:?具体的值
修改后的方法为
package demo03_登陆案例;
import java.sql.*;
import java.util.Scanner;
public class LoginDemo {
public static void main(String[] args) throws Exception {
Scanner sc = new Scanner(System.in);
System.out.println("请输入用户名");
String username = sc.nextLine();
System.out.println("请输入密码");
String password = sc.nextLine();
boolean flag = login2(username,password);
if(flag){
System.out.println("登陆成功");
}else{
System.out.println("登陆失败");
}
}
public static boolean login2(String username,String password) throws Exception {
Class.forName("com.mysql.jdbc.Driver");
Connection conn = DriverManager.getConnection("jdbc:mysql:///test2", "root", "123456");
String sql = "SELECT * FROM user WHERE username = ? AND password = ?";
PreparedStatement ps = conn.prepareStatement(sql);
ps.setString(1,username);
ps.setString(2,password);
//真正执行sql语句
ResultSet rs = ps.executeQuery();
return rs.next();
}
}JDBC工具类
提供一个工具类获取数据库的连接对象(Connection)
Class.forName("com.mysql.jdbc.Driver");
Connection conn = DriverManager.getConnection("jdbc:mysql:///test2", "root", "123456");
driverClassName=com.mysql.jdbc.Driver
url=jdbc:mysql://localhost:3306/test2
username=root
password=123456
编写思路:
1.将数据库连接 驱动 用户名密码都写到配置文件中 jdbc.properties
2.加载配置文件,读取配置信息
3.根据key 取值
4.创建获取连接对象的方法 关闭连接的方法
package utils;
import java.io.FileReader;
import java.io.IOException;
import java.net.URL;
import java.sql.*;
import java.util.Properties;
public class JDBC_Utils {
public static void main(String[] args) {
System.out.println("");
}
// driverClassName=com.mysql.jdbc.Driver
// url=jdbc:mysql://localhost:3306/test2
// username=root
// password=123456
static String driverClassName;
static String url;
static String username;
static String password;
static {
try {
Properties p = new Properties();
//读取指定路径的配置文件
//获取jdbc.properties文件的绝对路径
ClassLoader classLoader = JDBC_Utils.class.getClassLoader();
URL path = classLoader.getResource("jdbc.properties");
//System.out.println(url.getPath());
p.load(new FileReader(path.getPath()));
//读取配置信息
driverClassName = p.getProperty("driverClassName");
url = p.getProperty("url");
username = p.getProperty("username");
password = p.getProperty("password");
//加载驱动
Class.forName(driverClassName);
} catch (IOException e) {
e.printStackTrace();
} catch (ClassNotFoundException e) {
e.printStackTrace();
}
}
/**
* 获取连接方法
* @return
* @throws SQLException
*/
public static Connection getConnection() throws SQLException {
return DriverManager.getConnection(url,username,password);
}
/**
* 关闭资源
*/
public static void close(ResultSet rs , Connection conn, Statement st){
if(rs !=null){
try {
rs.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if(conn !=null){
try {
conn.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if(st !=null){
try {
st.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}
}测试
package utils;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
public class T {
//在测试方法执行前准备一下环境
@Before
public void before(){
System.out.println("before");
}
@Test
public void t1(){
System.out.println("aaa");
}
//目标方法执行后会执行 释放资源
@After
public void After(){
System.out.println("After");
}
}
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
