Java JDBC
Java下Connection下的PrepareStatement对象进行对数据库操作
PrepareStatement和Statement的区别就是:
PrepareStatement可以防止SQL注入,sql语句中使用的?占位,后进行赋值,更加安全,相比Statement也麻烦一些
代码实现
登录类
package com.hare.login;
import com.hare.utils.JDBCJutils;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
public class Login {
private String name;
private int password;
public Login() {
}
public Login(String name, int password) {
this.name = name;
this.password = password;
}
/**
* 实现登录验证
*/
public boolean loginUser(){
try {
Connection conn = JDBCJutils.getConnection();
String sql="select * from test1 where name= ? and password=?";
PreparedStatement ps = conn.prepareStatement(sql);
//获取账户密码信息
ps.setString(1,this.name);
ps.setInt(2,this.password);
ResultSet rs = ps.executeQuery();
//是否有这条数据
boolean flag = rs.next();
//释放资源
JDBCJutils.close(ps,conn,rs);
return flag;
} catch (SQLException throwables) {
throwables.printStackTrace();
}
return false;
}
}
测试类
package com.hare.login;
import java.util.Scanner;
public class TestLogin {
public static void main(String[] args) {
//1.提示信息
System.out.println("请输入您的用户名:");
//2.创建scanner对象
Scanner sc = new Scanner(System.in);
String name = sc.nextLine();
System.out.println("请输入您的密码:");
int password = sc.nextInt();
//3.调用login对象的loginUser方法进行验证
boolean result = new Login(name,password).loginUser();
//4.打印true还是false
if(result){
System.out.println("登录成功");
}else{
System.out.println("账户或用户名错误");
}
}
}
JDBC工具类
package com.hare.utils;
import java.io.FileReader;
import java.io.IOException;
import java.net.URL;
import java.sql.*;
import java.util.Properties;
public class JDBCJutils {
private static String url;
private static String user;
private static String password;
private static String driver;
//文件的读取,只需要读一次就可以拿到值,使用静态代码块
static{
//读取源资源,获取值
try {
//1.创建properties对象
Properties pro = new Properties();
//1.1 获取类加载器 class.getLoader
ClassLoader classLoader = JDBCJutils.class.getClassLoader();
URL resource = classLoader.getResource("jdbc.properties");
String path = resource.getPath();
//2.加载文件
pro.load(new FileReader(path));
url=pro.getProperty("url");
user = pro.getProperty("user");
password = pro.getProperty("password");
driver = pro.getProperty("driver");
//注册驱动
Class.forName(driver);
} catch (IOException e) {
e.printStackTrace();
} catch (ClassNotFoundException e) {
e.printStackTrace();
}
}
/**
* 连接数据库
* @return 连接对象
*/
public static Connection getConnection() throws SQLException {
return DriverManager.getConnection(url,user,password);
}
/**
* 释放资源
* @param stmt 执行sql对象
* @param conn 链接数据库对象
*/
public static void close(Statement stmt,Connection conn){
close(stmt,conn,null);
}
/**
* 释放资源
* @param stmt
* @param conn
* @param rs 执行sql对象
*/
public static void close(Statement stmt, Connection conn, ResultSet rs){
if(rs!=null){
try {
rs.close();
} catch (SQLException throwables) {
throwables.printStackTrace();
}
}
if(stmt!=null){
try {
stmt.close();
} catch (SQLException throwables) {
throwables.printStackTrace();
}
}
if(conn!=null){
try {
conn.close();
} catch (SQLException throwables) {
throwables.printStackTrace();
}
}
}
}