1- 需要jar 包
mysql-connector-java-5.1.37-bin.jar (不一定是mysql的jar 包, 也有oracle 的)
2- 编程步骤:
* 1- 注册驱动
  * 告知JVM使用的是哪一个数据库的驱动
* 2- 获得连接
  * 使用JDBC中的类,完成对MySQL数据库的连接
* 3- 获得语句执行平台
  * 通过连接对象获取对sql语句的执行对象
* 4- 执行sql语句
  * 使用执行对象,向数据库执行sql 语句
  * 获取到数据库执行后的结果
* 5- 处理结果
* 6- 释放资源
  * 调用一堆的close();
3- 具体代码: PreparedStatement (使用 ? 占位符的参数化查询, 用户输入只作为参数值绑定, 不会被拼接进sql文本)
// 1- 注册驱动 Class.forName("com.mysql.jdbc.Driver"); // 2- 获取连接对象 String url = "jdbc:mysql://localhost:3306/mydatabase"; //String url = "jdbc:mysql://localhost:3306/mydatabase"; String name = "root"; String password = "root"; Connection connection = DriverManager.getConnection(url, name, password); // 3- 获取执行对象 //Statement statement = connection.createStatement(); // 4- 执行sql 语句并 获取结果 Scanner scanner = new Scanner(System.in); String uname = scanner.nextLine(); String upassword = scanner.nextLine(); String sql = "select * from user where uname = ? and upassword = ? "; PreparedStatement preparedStatement = connection.prepareStatement(sql); preparedStatement.setObject(1,uname); preparedStatement.setObject(2,upassword); ResultSet resultSet = preparedStatement.executeQuery(); // 5- 处理结果 while ( resultSet.next() ){ System.out.println(resultSet.getString("uname") + "\t" + resultSet.getString("upassword")); } // 6- 关闭资源 preparedStatement.close(); connection.close();
4- SQL注入的例子: Statement (用字符串拼接sql, 存在注入漏洞, 仅作反面示例; 正确写法见上面第3节的 PreparedStatement)
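// DELIBERATELY VULNERABLE demonstration of SQL injection - do not reuse.
// The query text is built by concatenating raw user input, so a quote
// character in the input ends the string literal and the rest of the input is
// parsed as SQL. The fix is the parameterized PreparedStatement form shown in
// section 3, where input is bound to ? placeholders.

String driver = "com.mysql.jdbc.Driver";
String url = "jdbc:mysql://localhost:3306/mydatabase";
// NOTE(review): root/root is hard-coded for a local tutorial database only.
String user = "root";
String password = "root";
Class.forName(driver);

// try-with-resources closes the ResultSet, Statement and Connection even when
// an exception is thrown (the original closed them only on the success path
// and never closed the ResultSet).
try (Connection connection = DriverManager.getConnection(url, user, password);
     Statement statement = connection.createStatement()) {
    // Sample input kept from the original notes (presumably typed as the two
    // input lines - confirm):
    //   a
    //   laksjdf' or '1=1
    // The quote inside the second value closes the password literal and the
    // trailing or-clause makes the WHERE condition match rows regardless of
    // the stored password.
    // Rows presumably present in the demo table (uname upassword):
    //   a 1
    //   b 2
    // The Scanner is intentionally not closed: closing it would close System.in.
    Scanner scanner = new Scanner(System.in);
    String username = scanner.nextLine();
    String userpassword = scanner.nextLine();

    // VULNERABLE: untrusted input is spliced directly into the SQL string.
    String sql = "select * from user where uname = '" + username + "' and upassword = '" + userpassword + "'";

    try (ResultSet resultSet = statement.executeQuery(sql)) {
        while (resultSet.next()) {
            System.out.println(resultSet.getString("uname") + "\t" + resultSet.getString("upassword"));
        }
    }
}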