Statement和PreparedStatement的区别(使用JDBCUtils工具类)

Statement 通过字符串拼接生成 SQL，可能发生 SQL 注入；PreparedStatement 使用 ? 占位符绑定参数，不会发生注入。

package com.alex.jdbc;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Scanner;

import org.junit.Test;

import com.alex.util.JDBCUtils;



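public class TestConnection05 {

	// Shared stdin reader; both demos ask for the credentials interactively.
	Scanner scanner = new Scanner(System.in);

	/**
	 * Login check built with {@link Statement} and string concatenation.
	 *
	 * <p>The user-supplied values are pasted straight into the SQL text, so a
	 * value containing quote characters or SQL syntax becomes part of the
	 * statement instead of being treated as data — this is the SQL injection
	 * hazard the page contrasts with {@link #test_PreparedStatement()}. Kept
	 * here only as the "before" example; do not copy this pattern.
	 *
	 * <p>NOTE(review): the query compares the stored {@code password} column
	 * directly with the raw input, which appears to assume plain-text storage;
	 * production code should store a salted password hash and compare against it.
	 *
	 * @throws Exception if opening the connection or running the query fails
	 */
	@Test
	public void test_Statement() throws Exception {
		System.out.println("请输入用户名:");
		String username = scanner.next();

		System.out.println("请输入用户密码:");
		String password = scanner.next();

		// Vulnerable by construction: username/password are spliced into the SQL source text.
		String sql = "select COUNT(*) from admin where username='" + username + "' and `password`='" + password + "'";

		// try-with-resources closes ResultSet, Statement and Connection (in reverse order)
		// even when executeQuery throws; the original only closed on the happy path.
		try (Connection connection = JDBCUtils.getConnection();
				Statement statement = connection.createStatement();
				ResultSet resultSet = statement.executeQuery(sql)) {
			printResult(resultSet);
		}
	}

	/**
	 * Same login check with {@link PreparedStatement} and {@code ?} placeholders.
	 *
	 * <p>The SQL text is fixed when the statement is prepared; the input is bound
	 * afterwards with {@code setString}, so the driver passes it as a parameter
	 * value and it cannot change the structure of the query.
	 *
	 * @throws Exception if opening the connection or running the query fails
	 */
	@Test
	public void test_PreparedStatement() throws Exception {
		System.out.println("请输入用户名:");
		String username = scanner.next();

		System.out.println("请输入用户密码:");
		String password = scanner.next();

		// Placeholders instead of concatenation: the query shape never depends on input.
		String sql = "select COUNT(*) from admin where username= ? and `password`= ?";

		try (Connection connection = JDBCUtils.getConnection();
				PreparedStatement prepareStatement = connection.prepareStatement(sql)) {
			// JDBC parameter indexes are 1-based.
			prepareStatement.setString(1, username);
			prepareStatement.setString(2, password);

			try (ResultSet resultSet = prepareStatement.executeQuery()) {
				printResult(resultSet);
			}
		}
	}

	/**
	 * Reads COUNT(*) from the first row and prints "success" when at least one
	 * matching admin row exists, "fail" otherwise. Prints nothing when the
	 * result set has no rows.
	 *
	 * @param resultSet positioned before the first row of a COUNT(*) query
	 * @throws SQLException if the result set cannot be read
	 */
	private static void printResult(ResultSet resultSet) throws SQLException {
		if (resultSet.next()) {
			int count = resultSet.getInt(1);
			System.out.println(count > 0 ? "success" : "fail");
		}
	}

}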

