使用 PreparedStatement 对象可以有效地防止 SQL 注入,前提是所有外部输入都通过 ? 占位符绑定,而不是拼接进 SQL 字符串;表名、列名等标识符无法用占位符绑定。
package com.wang.lesson03;
import com.wang.liesson2.utils.jdbcUtils;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Date;
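/**
 * Demonstrates inserting a row into the {@code users} table with a
 * {@link PreparedStatement}.
 *
 * <p>Every value is bound through a {@code ?} placeholder, so the driver treats it
 * as data and never as SQL text. This is what prevents SQL injection; it only holds
 * as long as no value is concatenated into the SQL string itself.
 */
public class TestInsert {

    /**
     * Inserts one hard-coded sample user and prints a confirmation when at least
     * one row was affected.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        // The SQL text is a constant: it contains placeholders only, no values.
        String sql = "insert into users(id,`NAME`,`password`,`email`,`birthday`) values(?,?,?,?,?)";

        // try-with-resources closes the statement and then the connection on every
        // path, including when an exception is thrown. The original never closed
        // either, leaking a database connection on each run.
        try (Connection conn = jdbcUtils.getConnection();
             PreparedStatement st = conn.prepareStatement(sql)) {

            // Bind the parameters by position (1-based).
            st.setInt(1, 4);
            st.setString(2, "wangwu");
            // NOTE(review): the password is bound as a plaintext literal for the demo.
            // A real application should store a salted password hash
            // (bcrypt/scrypt/argon2), never the password itself.
            st.setString(3, "123456");
            st.setString(4, "4568713@qq.com");
            // new Date().getTime() yields the current epoch milliseconds, which
            // java.sql.Date takes in its constructor.
            st.setDate(5, new java.sql.Date(new Date().getTime()));

            // Execute; the return value is the number of affected rows.
            int affectedRows = st.executeUpdate();
            if (affectedRows > 0) {
                System.out.println("插入成功");
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
}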