package jdbc;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;
/*
* 测试执行sql语句,以及sql注入问题
*
*
*/
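/**
 * Demo: run a literal INSERT through a plain {@link Statement} and time how
 * long opening the connection takes.
 *
 * <p>{@code Statement} has no parameter binding, so SQL can only be assembled
 * as a string. The SQL below is a constant, but as soon as any part of such a
 * string comes from outside the program it becomes an SQL injection sink; use
 * a prepared statement with {@code ?} placeholders for that case.
 */
public interface Demo02 {
    /**
     * Connects to the local {@code jdbcTest} database, prints the connection and
     * the connect time, then inserts one fixed row into {@code to_user}.
     *
     * @param args unused
     * @throws Exception if the driver class cannot be loaded or any JDBC call fails
     */
    public static void main(String[] args) throws Exception {
        // Load the driver class.
        Class.forName("com.mysql.cj.jdbc.Driver");

        long start = System.currentTimeMillis(); // start of connection setup

        // NOTE(review): demo-only connection settings. The root account with a
        // hard-coded password and useSSL=false (no TLS) should not leave a local
        // sandbox: read credentials from configuration kept out of source control,
        // connect with a least-privilege account, and keep TLS on for any
        // non-local server.
        //
        // try-with-resources closes the connection (and the statement below) even
        // when a call throws; the original never closed either of them.
        try (Connection conn = DriverManager.getConnection(
                "jdbc:mysql://localhost:3306/jdbcTest?serverTimezone"
                        + "=UTC&characterEncoding=utf-8&useSSL=false", "root", "root")) {
            long end = System.currentTimeMillis();
            System.out.println(conn);
            System.out.println("建立连接:耗时" + (end - start) + "ms毫秒");

            // Author's note: the connection object wraps a socket to a remote
            // endpoint, so opening one is slow; real applications manage
            // connections through a connection pool.

            // Statement: (1) no parameters, SQL must be built by string
            // concatenation; (2) offers no protection against SQL injection.
            try (Statement stmt = conn.createStatement()) {
                // NOTE(review): pwd is written as a raw value here; a real user
                // table would hold a salted password hash (bcrypt/scrypt/argon2).
                String sql = "insert into to_user (username,pwd,regTime) values('赵柳',66666,now())";
                stmt.execute(sql); // run the statement
            }
        }
    }
}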
PreparedStatement
package jdbc;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.util.Date;
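/**
 * Demo: insert one row with a {@link PreparedStatement}.
 *
 * <p>The SQL text contains only {@code ?} placeholders; the values are bound
 * separately and are never interpreted as SQL syntax, which is what prevents
 * SQL injection.
 */
public class Demo03 {
    /**
     * Connects to the local {@code jdbcTest} database and inserts one row into
     * {@code to_user} using bound parameters.
     *
     * @param args unused
     * @throws Exception if the driver class cannot be loaded or any JDBC call fails
     */
    public static void main(String[] args) throws Exception {
        Class.forName("com.mysql.cj.jdbc.Driver");

        // PreparedStatement: (1) supports placeholders; (2) prevents SQL injection.
        String sql = "insert into to_user (username,pwd, regTime) values (?,?,?)"; // ? is a placeholder

        // NOTE(review): demo-only connection settings. The root account with a
        // hard-coded password and useSSL=false (no TLS) should not leave a local
        // sandbox: read credentials from configuration kept out of source control
        // and connect with a least-privilege account.
        //
        // try-with-resources closes the statement and then the connection even
        // when a call throws; the original never closed either of them.
        try (Connection conn = DriverManager.getConnection(
                "jdbc:mysql://localhost:3306/jdbcTest?serverTimezone"
                        + "=UTC&characterEncoding=utf-8&useSSL=false", "root", "root");
             PreparedStatement p = conn.prepareStatement(sql)) {
            // Parameter indexes start at 1, not 0. Typed setters (setString,
            // setDate, ...) work as well; setObject is used when the setter is
            // not chosen by data type.
            p.setObject(1, "shan");
            // NOTE(review): pwd is bound as a raw string here; a real user table
            // would hold a salted password hash (bcrypt/scrypt/argon2).
            p.setObject(2, "john222");
            p.setObject(3, new java.sql.Date(System.currentTimeMillis()));

            System.out.println("插入一条数据");
            p.execute(); // run the statement
        }
    }
}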
ResultSet
package jdbc;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Set;
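/**
 * Demo: run a parameterized SELECT and walk the {@link ResultSet}.
 *
 * <p>Database resources must be released in the order result set, statement,
 * connection. try-with-resources does this automatically (resources are closed
 * in reverse declaration order), closes each one even if closing another
 * fails, and reports close failures through the same catch block.
 */
public class Demo04 {
    /**
     * Connects to the local {@code jdbcTest} database and prints id, username
     * and pwd of every {@code to_user} row whose id is at least 2. JDBC and
     * driver-loading failures are printed to stderr, not rethrown.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        String sql = "select id,username,pwd from to_user where id >= ?";
        try {
            Class.forName("com.mysql.cj.jdbc.Driver");

            // NOTE(review): demo-only connection settings. The root account with
            // a hard-coded password and useSSL=false (no TLS) should not leave a
            // local sandbox: read credentials from configuration kept out of
            // source control and connect with a least-privilege account.
            try (Connection conn = DriverManager.getConnection(
                    "jdbc:mysql://localhost:3306/jdbcTest?serverTimezone"
                            + "=UTC&characterEncoding=utf-8&useSSL=false", "root", "root");
                 PreparedStatement p = conn.prepareStatement(sql)) {
                p.setObject(1, 2); // select every row with id >= 2

                try (ResultSet rs = p.executeQuery()) { // obtain the result set
                    // Iterate over the rows and print them.
                    // NOTE(review): column 3 is pwd. Writing credential material
                    // to stdout is tolerable only in a throwaway demo; production
                    // code should neither select nor log it.
                    while (rs.next()) {
                        System.out.println(rs.getInt(1) + "--------" + rs.getString(2) + "-----------" + rs.getObject(3));
                    }
                }
            }
        } catch (SQLException | ClassNotFoundException e) {
            e.printStackTrace();
        }
    }
}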