1、PreparedStatement接口
表示预编译的 SQL 语句的对象。
SQL 语句被预编译并存储在PreparedStatement
对象中。然后可以使用此对象多次高效地执行该语句。
开发者应该使用PreparedStatement
一、代码的可读性和可维护性高
二、PreparedStatement尽最大可能提高性能
三、极大地提高了安全性(防止sql注入)
示例代码:
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import com.mysql.jdbc.Connection;
public class JdbcDemo {
public final static String URL = "jdbc:mysql://localhost:3306/test";
public final static String USERNAME = "root";
public final static String PASSWORD = "root";
public final static String DRIVER = "com.mysql.jdbc.Driver";
public static void main(String[] args) {
// TODO Auto-generated method stub
Person p=new Person(2,"xiaoheihei",16,"hei");
// insert(p);
// update(p);
// delete(p);
p=findById(1);
System.out.println(p);
System.out.println("success");
}
public static Person findById(int id){
Person p=null;
try {
Class.forName(DRIVER);
java.sql.Connection conn=DriverManager.getConnection(URL, USERNAME, PASSWORD);
String sql="select name,age,description from person1 where id=? ";
PreparedStatement ps=conn.prepareStatement(sql);
//设置占位符对应的值
ps.setInt(1,id);
ResultSet rs=ps.executeQuery();
if(rs.next()){
p=new Person();
p.setId(id);
p.setName(rs.getString(1));
p.setAge(rs.getInt(2));
p.setDes(rs.getString(3));
//把java.sql.Date与java.util.Date之间的转换
// java.util.Date date=rs.getDate(4);
// ps.setDate(4,new java.sql.Date(date.getTime()));
}
rs.close();
ps.close();
conn.close();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return p;
}
public static void delete(Person p){
try {
Class.forName(DRIVER);
java.sql.Connection conn=DriverManager.getConnection(URL, USERNAME, PASSWORD);
String sql="delete from person1 where id =? ";
PreparedStatement ps=conn.prepareStatement(sql);
//设置占位符对应的值
ps.setInt(1, p.getId());
ps.executeUpdate();
ps.close();
conn.close();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
public static void update(Person p){
try {
Class.forName(DRIVER);
java.sql.Connection conn=DriverManager.getConnection(URL, USERNAME, PASSWORD);
String sql="update person1 set name=?,age=?,description=? where id=? ";
PreparedStatement ps=conn.prepareStatement(sql);
//设置占位符对应的值
ps.setString(1, p.getName());
ps.setInt(2, p.getAge());
ps.setString(3, p.getDes());
ps.setInt(4, p.getId());
ps.executeUpdate();
ps.close();
conn.close();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
public static void insert(Person p) {
// TODO Auto-generated method stub
try {
Class.forName(DRIVER);
java.sql.Connection conn=DriverManager.getConnection(URL, USERNAME, PASSWORD);
String sql="insert into person1(name,age,description)values(?,?,?)";
PreparedStatement ps=conn.prepareStatement(sql);
//设置占位符对应的值
ps.setString(1, p.getName());
ps.setInt(2, p.getAge());
ps.setString(3, p.getDes());
ps.executeUpdate();
ps.close();
conn.close();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}