与 Statement 相比,PreparedStatement 可以防止 SQL 注入,并且可以提高查询性能。需要注意的是,只有通过 ? 占位符和 setXxx 方法绑定参数时才能防止注入;如果仍然用字符串拼接把外部输入写进 SQL 文本,PreparedStatement 并不能提供保护。
下边贴上代码。
package cn.sigangjun.project;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
/**
* @author sigangjun
*
*/
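public class MysqlJdbcTest2 {

    // Connection settings for the local demo database.
    // NOTE(review): a literal root/root login is acceptable only for a local demo.
    // Real code should load credentials from configuration or a secret store and
    // connect with a least-privileged database account rather than root.
    private static final String JDBC_URL = "jdbc:mysql://localhost:3306/dang";
    private static final String DB_USER = "root";
    private static final String DB_PASSWORD = "root";

    // The id value is sent through the "?" placeholder, never concatenated into the SQL text.
    private static final String SELECT_USER_BY_ID = "select * from d_user where id=?";

    /**
     * Looks up one row of {@code d_user} by id with a {@link PreparedStatement} and prints
     * its first four columns, tab-separated, one row per line.
     *
     * @param args unused
     * @throws SQLException if connecting, preparing, executing or reading the result fails
     * @throws ClassNotFoundException if the MySQL driver class is not on the classpath
     * @throws InstantiationException kept in the signature for compatibility; no longer thrown
     * @throws IllegalAccessException kept in the signature for compatibility; no longer thrown
     */
    public static void main(String[] args) throws SQLException, InstantiationException, IllegalAccessException, ClassNotFoundException {
        // 1. Register the driver. Loading the class once is enough. The original also called
        //    DriverManager.registerDriver(...) and newInstance(), which registered the same
        //    driver again, and System.getProperty("jdbc.drivers", ...), which only read a
        //    property and discarded the result.
        Class.forName("com.mysql.jdbc.Driver");

        // 2-6. try-with-resources closes the ResultSet, PreparedStatement and Connection in
        //      reverse order even when a step throws; the original leaked all three in that case.
        try (Connection con = DriverManager.getConnection(JDBC_URL, DB_USER, DB_PASSWORD);
             PreparedStatement ps = con.prepareStatement(SELECT_USER_BY_ID)) {

            // 3. Bind the parameter: the driver treats the value strictly as data, so
            //    quotes or SQL keywords inside it cannot change the statement's structure.
            ps.setString(1, "1");

            // 4. Execute the query.
            try (ResultSet rs = ps.executeQuery()) {
                // 5. Print the result. Assumes d_user has at least four columns,
                //    as the original did; getObject throws SQLException otherwise.
                while (rs.next()) {
                    System.out.print(rs.getObject(1) + "\t");
                    System.out.print(rs.getObject(2) + "\t");
                    System.out.print(rs.getObject(3) + "\t");
                    System.out.println(rs.getObject(4));
                }
            }
        }
    }
}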