package com.chu.first;
import java.sql.*;
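/**
 * Demo of a parameterized JDBC query against MySQL.
 *
 * <p>The SQL text contains a {@code ?} placeholder and the value is bound separately with
 * {@link PreparedStatement#setInt(int, int)}, so the value is never concatenated into the
 * statement text. That separation is what prevents SQL injection here.
 *
 * <p>Caveats for anyone reusing this pattern:
 * <ul>
 *   <li>Placeholders bind <em>values</em> only. Table names, column names and
 *       {@code ORDER BY} directions cannot be bound; if they come from input, validate them
 *       against a fixed allow-list.</li>
 *   <li>MySQL Connector/J emulates prepared statements on the client by default and escapes
 *       string parameters itself; server-side preparation is opt-in via the
 *       {@code useServerPrepStmts} connection property.</li>
 * </ul>
 */
public class JDBC2 {

    /**
     * Connection URL, unchanged from the original demo.
     * NOTE(review): {@code useSSL=true} requests TLS, but whether the server certificate is
     * verified depends on the driver version and its other properties. Confirm before relying
     * on it outside localhost.
     */
    private static final String URL =
            "jdbc:mysql://localhost:3306/school?useUnicode=true&useSSL=true&characterEncoding=utf8";

    /** Query with one positional placeholder for {@code id}. */
    private static final String SQL = "select name,testmd5 from ak where id=?";

    /**
     * Runs the demo query for {@code id = 4} and prints {@code name} and {@code testmd5} of
     * every matching row to standard output.
     *
     * @param args unused
     * @throws SQLException if connecting, preparing, executing or reading the result fails
     */
    public static void main(String[] args) throws SQLException {
        // SECURITY: the original hard-coded root/123456 in source. The environment variable
        // names below are constructed for this demo; the literals remain only as a fallback so
        // the example still runs unchanged. Real code should use a least-privilege account
        // (SELECT on the needed table only) and keep the secret out of the repository.
        String user = envOrDefault("JDBC2_DB_USER", "root");
        String password = envOrDefault("JDBC2_DB_PASSWORD", "123456");

        // try-with-resources closes ResultSet, PreparedStatement and Connection in reverse
        // order even when a call in between throws; the original leaked them on any exception.
        try (Connection con = DriverManager.getConnection(URL, user, password);
             PreparedStatement pst = con.prepareStatement(SQL)) {
            // Bind parameter 1 (JDBC indexes start at 1) as a typed int, not as SQL text.
            pst.setInt(1, 4);
            try (ResultSet re = pst.executeQuery()) {
                while (re.next()) {
                    System.out.println(re.getString("name"));
                    // NOTE(review): if "testmd5" holds password digests, unsalted MD5 is not
                    // suitable for password storage and should not be printed or logged.
                    System.out.println(re.getString("testmd5"));
                }
            }
        }
    }

    /** Returns the environment variable {@code name}, or {@code fallback} if unset or empty. */
    private static String envOrDefault(String name, String fallback) {
        String value = System.getenv(name);
        return (value == null || value.isEmpty()) ? fallback : value;
    }
}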
JDBC防止SQL注入加强