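/**
 * Demonstrates {@link PreparedStatement}: a {@link Statement} subtype that accepts SQL with
 * {@code ?} placeholders and binds their values through the {@code setXxx} methods.
 *
 * <p>Security note: parameter binding is what makes this resistant to SQL injection - bound
 * values travel to the driver as data and are never spliced into the SQL text. That protection
 * covers ONLY the values bound via {@code setXxx}. Identifiers (table/column names), ORDER BY
 * targets and similar structural parts of a statement cannot be parameterized, so they must never
 * be assembled from untrusted input by string concatenation, even when a PreparedStatement is used.
 *
 * @throws Exception if the connection cannot be obtained or the INSERT fails. The exception is
 *                   propagated on purpose: catching it and calling {@code printStackTrace()}
 *                   would make the test pass silently on a failed statement.
 */
@Test
public void testPreparedStatement() throws Exception {
    // Positional placeholders. The column list is omitted, so this statement depends on the
    // table's physical column order. NOTE(review): table name CUSTOMERSS copied as-is - confirm
    // the spelling against the schema.
    String sql = "INSERT INTO CUSTOMERSS VALUES(?,?,?,?)";
    // try-with-resources closes the statement and then the connection in reverse order, even
    // when an exception is thrown, replacing the manual finally/close bookkeeping.
    try (Connection connection = JDBCTools.getConnection();
         PreparedStatement preparedStatement = connection.prepareStatement(sql)) {
        // Placeholder indices are 1-based.
        preparedStatement.setInt(1, 5);
        preparedStatement.setString(2, "55");
        preparedStatement.setString(3, "555");
        preparedStatement.setDate(4, new Date(System.currentTimeMillis()));
        // INSERT is DML: executeUpdate() is the correct call and returns the affected-row count.
        // executeQuery() is for statements that produce a ResultSet and most drivers reject it
        // for DML with an SQLException.
        int affected = preparedStatement.executeUpdate();
        // A single-row INSERT must report exactly one affected row; anything else is a failure.
        if (affected != 1) {
            throw new AssertionError("expected 1 affected row, got " + affected);
        }
    }
}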