JDBC(Java DataBase Connectivity,Java数据库连接)是一套基于Java技术的数据库编程接口,由一些操作数据库的Java类和接口组成。
创建JDBC应用程序的步骤
1.加载驱动 Class.forName("com.mysql.jdbc.Driver");
2.获取连接
DriverManager.getConnection("jdbc:mysql://localhost:3306/test?useUnicode=true&characterEncoding=utf8", "root", "root")
注意:示例中的root/root账号和密码只适合本地练习;实际项目应使用权限受限的数据库账号,并从配置文件或环境变量中读取密码,不要写在源码里。
3.创建执行sql语句对象 con.createStatement();
4.执行sql语句 st.executeUpdate(sql);
5.处理结果集
6.释放资源 con.close();
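/**
 * Minimal JDBC walk-through: loads the MySQL driver, opens a connection,
 * runs one INSERT through a plain {@link Statement} and reports whether
 * exactly one row was written.
 *
 * <p>NOTE(review): the JDBC URL, user name and password are hard-coded and the
 * account is {@code root}. That is acceptable only for a throwaway local
 * database; anything shared should connect with a least-privilege account
 * whose credentials come from configuration, not from source code.
 *
 * <p>The listing as published was missing the closing braces of the
 * {@code finally} block, of {@code main} and of the class; they are restored
 * here so that the example compiles.
 */
public class Demo1 {
    /**
     * Runs the six JDBC steps once against the local {@code test} database.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        Statement st = null;
        Connection con = null;
        try {
            // 1. Load the driver class.
            Class.forName("com.mysql.jdbc.Driver");
            // 2. Open the connection.
            con = DriverManager.getConnection("jdbc:mysql://localhost:3306/test?useUnicode=true&characterEncoding=utf8", "root", "root");
            // 3. Create the object that executes SQL.
            st = con.createStatement();
            // 4. Execute the SQL. The statement text is a constant here, so a plain
            //    Statement is safe; as soon as any value comes from outside the
            //    program, bind it through a PreparedStatement instead of
            //    concatenating it into the string.
            String sql = "insert into dept values(101,'研发部','大连')";
            int row = st.executeUpdate(sql);
            // 5. Handle the result: executeUpdate returns the affected row count.
            if (row == 1) {
                System.out.println("插入成功");
            } else {
                System.out.println("插入失败");
            }
        } catch (ClassNotFoundException e) {
            System.out.println("加载驱动失败异常");
            e.printStackTrace();
        } catch (SQLException e) {
            // Also reached when createStatement or executeUpdate fails, not only
            // when the connection cannot be opened.
            System.out.println("获取连接失败");
            e.printStackTrace();
        } finally {
            // 6. Release resources in reverse order of creation: the statement
            //    (created last) first, then the connection.
            if (st != null) {
                try {
                    st.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
            if (con != null) {
                try {
                    con.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
        }
    }
}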
sql语句为select语句时
/**
 * Query variant of the JDBC walk-through: reads every row of {@code dept}
 * and prints it as {@code deptno--dname--loc}.
 *
 * <p>NOTE(review): connection URL and the {@code root}/{@code root}
 * credentials are hard-coded; suitable for a local practice database only.
 *
 * @param args unused
 */
public static void main(String[] args) {
    ResultSet rows = null;
    Statement stmt = null;
    Connection conn = null;
    try {
        // Step 1: load the driver class.
        Class.forName("com.mysql.jdbc.Driver");
        // Step 2: open the connection.
        conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/test","root","root");
        // Step 3: create the object that executes SQL.
        stmt = conn.createStatement();
        // Step 4: run the query (constant text, no external input involved).
        final String query = "select * from dept";
        rows = stmt.executeQuery(query);
        // Step 5: walk the result set; next() returns false once no row is left.
        while (rows.next()) {
            final int number = rows.getInt("deptno");
            final String name = rows.getString("dname");
            final String location = rows.getString("loc");
            // Joined with "--" purely for readability of the console output.
            final StringBuilder line = new StringBuilder();
            line.append(number).append("--").append(name).append("--").append(location);
            System.out.println(line.toString());
        }
    } catch (ClassNotFoundException driverMissing) {
        System.out.println("加载失败");
        driverMissing.printStackTrace();
    } catch (SQLException sqlFailure) {
        System.out.println("获取失败");
        sqlFailure.printStackTrace();
    } finally {
        // Step 6: release resources, newest first (result set, statement, connection).
        // Each close has its own try so one failure does not skip the others.
        try {
            if (rows != null) {
                rows.close();
            }
        } catch (SQLException closeFailure) {
            closeFailure.printStackTrace();
        }
        try {
            if (stmt != null) {
                stmt.close();
            }
        } catch (SQLException closeFailure) {
            closeFailure.printStackTrace();
        }
        try {
            if (conn != null) {
                conn.close();
            }
        } catch (SQLException closeFailure) {
            closeFailure.printStackTrace();
        }
    }
}
JDBCUtils jdbc工具包
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
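/**
 * Shared JDBC helpers for the examples: one method to open a connection and
 * one to release a connection, statement and result set.
 */
public class JDBCUtils {
    // Connection settings. The defaults are the tutorial's local values; each can
    // be overridden through an environment variable (names chosen for this
    // example) so that a real URL, account and password never have to be
    // committed to source control. The root/root default is for a local
    // practice database only; use a least-privilege account anywhere else.
    private static final String URL =
            envOrDefault("JDBC_URL", "jdbc:mysql://localhost:3306/test?useUnicode=true&characterEncoding=utf8");
    private static final String USER = envOrDefault("JDBC_USER", "root");
    private static final String PASSWORD = envOrDefault("JDBC_PASSWORD", "root");

    /** Returns the environment variable {@code name}, or {@code fallback} when it is unset or empty. */
    private static String envOrDefault(String name, String fallback) {
        String value = System.getenv(name);
        return (value == null || value.isEmpty()) ? fallback : value;
    }

    /**
     * Loads the MySQL driver and opens a connection.
     *
     * @return the open connection, or {@code null} when the driver class is
     *         missing or the connection cannot be established; callers must
     *         check for {@code null} before using the result
     */
    public static Connection getConn() {
        Connection con = null;
        try {
            // 1. Load the driver class.
            Class.forName("com.mysql.jdbc.Driver");
            // 2. Open the connection.
            con = DriverManager.getConnection(URL, USER, PASSWORD);
        } catch (ClassNotFoundException e) {
            // Driver jar is not on the classpath; failure is reported through the null return.
            e.printStackTrace();
        } catch (SQLException e) {
            // Database unreachable or credentials rejected; failure is reported through the null return.
            e.printStackTrace();
        }
        return con;
    }

    /**
     * Closes the given resources in the order result set, statement,
     * connection. Any argument may be {@code null} and is then skipped; a
     * failure to close one resource is printed and does not prevent the
     * remaining ones from being closed.
     *
     * @param con connection to close, may be {@code null}
     * @param st  statement to close, may be {@code null}
     * @param rs  result set to close, may be {@code null}
     */
    public static void close(Connection con, Statement st, ResultSet rs) {
        if (rs != null) {
            try {
                rs.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        if (st != null) {
            try {
                st.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        if (con != null) {
            try {
                con.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
}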
sql注入
sql注入是比较常见的网络攻击方式之一,它不是利用操作系统的BUG来实现攻击,
而是利用程序员编写代码时的疏忽(例如把用户输入直接拼接进sql语句),通过sql语句实现无账号登陆,甚至篡改数据库
解决sql注入:
使用JDBC中的预编译语句对象PreparedStatement(通过con.prepareStatement(sql)创建)来处理:sql语句中用?作为占位符,参数通过setString、setInt等方法绑定,用户输入只会被当作数据,不会被当作sql语法的一部分
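/**
 * Shows the injection-safe way to run a query with parameters: the SQL text
 * contains only {@code ?} placeholders and the values are bound through a
 * {@link PreparedStatement}, so they are passed as data instead of being
 * concatenated into the statement.
 */
public class sql注入 {
    /**
     * Looks up one employee by name and number and prints the matching rows.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Load the driver and open the connection.
        Connection con = JDBCUtils.getConn();
        if (con == null) {
            // getConn() signals failure by returning null; without this guard the
            // prepareStatement call below would throw a NullPointerException.
            System.out.println("获取连接失败");
            return;
        }
        PreparedStatement ps = null;
        ResultSet rs = null;
        try {
            // Build the statement with placeholders only; never splice values into this string.
            String sql = "select * from emp where ename = ? and empno = ?";
            ps = con.prepareStatement(sql);
            // Bind the parameters (indexes are 1-based and follow placeholder order).
            ps.setString(1, "SMITH");
            ps.setInt(2, 7369);
            // Execute the query.
            rs = ps.executeQuery();
            // Process the result set.
            while (rs.next()) {
                int empno = rs.getInt("empno");
                String ename = rs.getString("ename");
                System.out.println(empno + ename);
            }
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            // Release result set, statement and connection even when the query failed.
            JDBCUtils.close(con, ps, rs);
        }
    }
}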