Statement模式
package com.xxx.jdbc;
import java.sql.*;
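/**
 * Demonstrates a read-only query through a plain {@link Statement}.
 *
 * <p>The SQL text here is a fixed literal with no external input. A query that
 * includes caller-supplied values should use a PreparedStatement with bound
 * parameters instead of building the SQL string.
 */
public class jdbc01 {
    /**
     * Connects to the local MySQL database, runs a grouped count query and
     * prints the province and count of every returned row.
     *
     * @param args unused
     * @throws ClassNotFoundException if the MySQL driver class is not on the classpath
     * @throws SQLException if connecting to the database or running the query fails
     */
    public static void main(String[] args) throws ClassNotFoundException, SQLException {
        // 1. Load the JDBC driver.
        Class.forName("com.mysql.cj.jdbc.Driver");

        // 2. Connection URL and credentials.
        // NOTE(review): a hard-coded root account with a trivial password is acceptable only
        // for a local demo. Real code should read credentials from configuration or a secret
        // store and connect with a least-privilege database user.
        String url = "jdbc:mysql://localhost:3306/chinaschool?serverTimezone=UTC";
        String username = "root";
        String password = "123456";

        // 5. The SQL to execute (a constant; nothing is concatenated into it).
        String sql = "select COUNT(*) as count,stations.province from stations,subjects where stations.name = subjects.station_name group by stations.province;";

        // 3./4./6. try-with-resources opens the connection, the statement and the result set and
        // closes them in reverse order (ResultSet, Statement, Connection), even when an exception
        // is thrown. The original closed the connection first and leaked all three on failure.
        try (Connection conn = DriverManager.getConnection(url, username, password);
             Statement state = conn.createStatement();
             ResultSet resultSet = state.executeQuery(sql)) {
            // ResultSet is a cursor over the returned rows; next() advances it one row at a time.
            while (resultSet.next()) {
                // Column labels must match the names/aliases used in the SELECT list.
                System.out.print(resultSet.getObject("province"));
                System.out.print(resultSet.getObject("count"));
            }
        }
    }
}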
PreparedStatement模式
使用PreparedStatement可以防止SQL注入:参数通过?占位符绑定,只会被当作数据,不会被当作SQL语句的一部分解析。前提是所有外部输入都通过占位符传入,而不是拼接进SQL字符串。
package com.xxx.jdbc;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
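/**
 * Demonstrates an INSERT through a {@link PreparedStatement} with bound parameters.
 *
 * <p>Values passed through {@code setString} are sent as data for the {@code ?}
 * placeholders and are never spliced into the SQL text. That protection holds only
 * as long as no external input is concatenated into the SQL string itself.
 */
public class jdbc04 {
    /**
     * Connects to the local MySQL database, inserts one row into {@code login}
     * and prints whether the insert affected any row.
     *
     * @param args unused
     * @throws ClassNotFoundException if the MySQL driver class is not on the classpath
     * @throws SQLException if connecting to the database or running the insert fails
     */
    public static void main(String[] args) throws ClassNotFoundException, SQLException {
        // 1. Load the JDBC driver.
        Class.forName("com.mysql.cj.jdbc.Driver");

        // 2. Connection URL and credentials.
        // NOTE(review): a hard-coded root account with a trivial password is acceptable only
        // for a local demo. Real code should read credentials from configuration or a secret
        // store and connect with a least-privilege database user.
        String url = "jdbc:mysql://localhost:3306/chinaschool?serverTimezone=UTC";
        String username = "root";
        String password = "123456";

        // 4. SQL with positional placeholders; the values are bound separately below.
        String sql = "insert into login values(?,?)";

        // 3./6. try-with-resources closes the statement and then the connection, even when an
        // exception is thrown. The original closed the connection before the statement and
        // leaked both on failure.
        try (Connection conn = DriverManager.getConnection(url, username, password);
             PreparedStatement st = conn.prepareStatement(sql)) { // precompiled, not yet executed
            // Bind the parameters (indexes are 1-based).
            st.setString(1, "mzd");
            // NOTE(review): presumably the second column of login is a password (confirm against
            // the schema). If so, store a salted password hash (bcrypt/scrypt/argon2) rather than
            // the plaintext value.
            st.setString(2, "12345678");

            // executeUpdate returns the number of affected rows.
            int affectedRows = st.executeUpdate();
            if (affectedRows > 0) {
                System.out.println("插入成功!");
            } else {
                System.out.println("插入失败!");
            }
        }
    }
}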