一、导包
二、编写代码
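如果直接用字符串拼接来构造sql语句,会有很大的漏洞(SQL注入),所以需要使用PreparedStatement来弥补:用?占位符代替参数,再通过setInt、setDouble等方法绑定参数值,参数值与sql文本分开传递,不会被当作SQL语法解析。注意,只有通过占位符绑定的值才受到保护;如果仍然把外部输入拼接进传给prepareStatement的sql字符串,注入漏洞依然存在。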
查询数据库操作(executeQuery):
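/**
 * Runs a parameterized SELECT against the {@code book} table and prints every returned row.
 *
 * <p>The id is bound through a {@code ?} placeholder with {@code setInt}, so the value is
 * never spliced into the SQL text. The connection, statement and result set are opened in
 * try-with-resources so they are closed even when the query or the row loop throws.
 *
 * @param args unused
 * @throws ClassNotFoundException if the JDBC driver class is not on the classpath
 * @throws SQLException if connecting, preparing, executing or reading the result fails
 */
public static void main(String[] args) throws ClassNotFoundException, SQLException {
    // Legacy driver class name; Connector/J 8.x names it com.mysql.cj.jdbc.Driver and
    // JDBC 4 drivers register themselves, so confirm this against the driver in use.
    Class.forName("com.mysql.jdbc.Driver");

    // NOTE(review): demo-only credentials. Real code should not connect as root with a
    // literal password in source; load a least-privilege account from configuration.
    String url = "jdbc:mysql://localhost/school?useUnicode=true&characterEncoding=UTF8";
    String sql = "SELECT * FROM book WHERE id=?;";

    try (Connection connection = DriverManager.getConnection(url, "root", "123456");
         PreparedStatement ps = connection.prepareStatement(sql)) {
        // Bind the first placeholder; the driver sends it as data, not as SQL.
        ps.setInt(1, 1);

        // executeQuery returns the result set for a SELECT.
        try (ResultSet eq = ps.executeQuery()) {
            // Walk the result set one row at a time.
            while (eq.next()) {
                System.out.println("id:" + eq.getInt("id") + " 书名:" + eq.getString("bookname")
                        + " 价格:" + eq.getDouble("price") + " 出版社:" + eq.getString("publish"));
            }
        }
    }
    // Resources are released in reverse order: ResultSet, PreparedStatement, Connection.
}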
添加,删除,修改数据库,统一使用executeUpdate
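/**
 * Runs a parameterized UPDATE against the {@code book} table and prints the affected row count.
 *
 * <p>Both the new price and the target id are bound through {@code ?} placeholders, so
 * neither value is spliced into the SQL text. The connection and statement are opened in
 * try-with-resources so they are closed even when the update throws.
 *
 * @param args unused
 * @throws ClassNotFoundException if the JDBC driver class is not on the classpath
 * @throws SQLException if connecting, preparing or executing the update fails
 */
public static void main(String[] args) throws ClassNotFoundException, SQLException {
    // Legacy driver class name; Connector/J 8.x names it com.mysql.cj.jdbc.Driver and
    // JDBC 4 drivers register themselves, so confirm this against the driver in use.
    Class.forName("com.mysql.jdbc.Driver");

    // NOTE(review): demo-only credentials. Real code should not connect as root with a
    // literal password in source; load a least-privilege account from configuration.
    String url = "jdbc:mysql://localhost/school?useUnicode=true&characterEncoding=UTF8";
    String sql = "UPDATE book SET price=? WHERE id=?;";

    int executeUpdate;
    try (Connection connection = DriverManager.getConnection(url, "root", "123456");
         PreparedStatement ps = connection.prepareStatement(sql)) {
        // Placeholders are 1-indexed, in the order they appear in the SQL text.
        ps.setDouble(1, 89.6);
        ps.setInt(2, 1);

        // executeUpdate covers INSERT, UPDATE and DELETE and returns the number of rows changed.
        executeUpdate = ps.executeUpdate();
    }

    // Printed after the resources are closed; 0 means no row matched the id.
    System.out.println(executeUpdate);
}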