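/**
 * Inserts one customer record into the {@code customer} table.
 *
 * <p>Every column value is bound through a {@code ?} placeholder of a
 * {@link PreparedStatement}, so the customer's field values reach the database as
 * parameters and are never spliced into the SQL text. This is what protects the
 * statement against SQL injection; do not rebuild it with string concatenation.
 *
 * @param c the customer to store; {@code c.getBirthday()} must be non-null, because
 *     it is dereferenced to build the {@code java.sql.Date} (a null birthday ends up
 *     as a {@code DaoException} through the catch block below)
 * @throws DaoException if obtaining the connection, binding a parameter or executing
 *     the insert fails; the underlying exception is attached as the cause
 */
public void add(Customer c) {
    Connection conn = null;
    PreparedStatement st = null;
    // Never assigned: this method runs no query. Kept so release() gets all three handles.
    ResultSet rs = null;
    try {
        // JdbcUtils is the utility class that hands out the database connection, which
        // keeps connection handling out of this DAO method (three-tier layering).
        conn = JdbcUtils.getConnection();

        // Fixed SQL text with nine placeholders; the values are supplied separately below.
        String sql = "insert into customer(id,name,gender,birthday,cellphone,email,preference,type,description) values(?,?,?,?,?,?,?,?,?)";
        st = conn.prepareStatement(sql);
        st.setString(1, c.getId());
        st.setString(2, c.getName());
        st.setString(3, c.getGender());
        st.setDate(4, new java.sql.Date(c.getBirthday().getTime()));
        st.setString(5, c.getCellphone());
        st.setString(6, c.getEmail());
        st.setString(7, c.getPreference());
        st.setString(8, c.getType());
        st.setString(9, c.getDescription());

        // Run the insert.
        st.executeUpdate();
    } catch (Exception e) {
        // Translate to the project's own exception type, but keep the original failure
        // attached so the root cause is not lost when diagnosing the error.
        // NOTE(review): if DaoException offers a (Throwable) constructor, prefer it - confirm
        // against the class; initCause assumes the no-arg constructor leaves the cause unset.
        DaoException failure = new DaoException();
        failure.initCause(e);
        throw failure;
    } finally {
        // Always hand the JDBC resources back, whether or not the insert succeeded.
        JdbcUtils.release(conn, st, rs);
    }
}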