接上一章的JDBC学习
接下来要做SQL的防注入
Connection conn = null;
PreparedStatement ps = null;
ResultSet rs = null;
try{
//注册驱动
Class.forName("com.mysql.jdbc.Driver");
//获取数据库连接
conn = DriverManger.getConnection("jdbc:mysql:///表名?characterEncoding
=utf-8","root","root");
//编写sql语句
String sql = "select ........ where 列名1 = ? ....";
//这里的?代表着要获取的值
//准备填写sql
ps = conn.prepareStatement(sql);
//这里的第一个参数数字为第几个? ,而不是下标
ps.getString(1,列名1);
...
//执行sql
rs = ps.executeQuery();
if(rs.next()){
system.out.print("this is a record in datasource");
}else{
system.out.print("this has no record in datasource");
}catch(exception e){
e.printStackTrace();
}finally{
释放空间....}