We use prepareStatement to access the database: it prevents SQL injection, and there is no need to concatenate SQL strings by hand, because the values are bound as parameters rather than pasted into the query text.
Core code:
String sql = "insert into customers(name,email,birth)values(?,?,?)";
ps = connection.prepareStatement(sql);
ps.setString(1,"哪吒");
ps.setString(2,"nezha@gamail.com");
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
Date date = sdf.parse("1000-01-01");
ps.setDate(3, new java.sql.Date(date.getTime()));
ps.execute();
Full code (wrapped in a class with the imports it needs so it compiles as-is; the credentials and driver come from a jdbcInfo.properties file on the classpath):

import java.io.IOException;
import java.io.InputStream;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Properties;

public class connectTest {
    public static void main(String[] args) throws IOException {
        // jdbcInfo.properties supplies user, password, url and driverClass
        InputStream is = connectTest.class.getClassLoader().getResourceAsStream("jdbcInfo.properties");
        Properties pro = new Properties();
        pro.load(is);
        is.close();
        String user = pro.getProperty("user");
        String password = pro.getProperty("password");
        String url = pro.getProperty("url");
        String driverClass = pro.getProperty("driverClass");
        // Load the driver class via reflection
        Connection connection = null;
        PreparedStatement ps = null;
        try {
            Class.forName(driverClass);
            connection = DriverManager.getConnection(url, user, password);
            System.out.println(connection);
            // Placeholders (?) are filled with typed setters; the values never become part of the SQL text
            String sql = "insert into customers(name,email,birth)values(?,?,?)";
            ps = connection.prepareStatement(sql);
            ps.setString(1, "哪吒");
            ps.setString(2, "nezha@gamail.com");
            SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
            Date date = sdf.parse("1000-01-01");
            ps.setDate(3, new java.sql.Date(date.getTime()));
            ps.execute();
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (SQLException e) {
            e.printStackTrace();
        } catch (ParseException e) {
            e.printStackTrace();
        } finally {
            // Release in reverse order of acquisition; each close() can itself throw
            if (ps != null) {
                try {
                    ps.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
            if (connection != null) {
                try {
                    connection.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
        }
    }
}
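To make the "prevents SQL injection" point concrete, here is an added example that is not part of the original post: the same lookup by customer name written once with string concatenation and once with a bound parameter. It assumes the H2 in-memory database driver is on the classpath (the jdbc:h2:mem:demo URL, the customers table, its two rows and the input value are all constructed for this demo and are not from the original post).

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Added example, not from the original post. Assumes the H2 driver is on the classpath.
public class PreparedVsConcat {

    // Unsafe form: the caller's input is pasted into the SQL text, so any quote in it
    // is parsed by the database as SQL rather than stored as data. That is the injection surface.
    static int countByNameConcat(Connection c, String name) throws SQLException {
        String sql = "select count(*) from customers where name = '" + name + "'";
        try (Statement st = c.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // Safe form: the SQL text is fixed when the statement is prepared and the input
    // travels as a bound parameter, so the driver never re-parses it as SQL.
    static int countByNamePrepared(Connection c, String name) throws SQLException {
        String sql = "select count(*) from customers where name = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed in-memory table so the demo runs without an external server
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = c.createStatement()) {
                st.execute("create table customers(name varchar(50), email varchar(100), birth date)");
                st.execute("insert into customers values ('哪吒', 'nezha@example.com', DATE '1000-01-01')");
                st.execute("insert into customers values ('O''Brien', 'obrien@example.com', DATE '1990-05-06')");
            }

            // Constructed input containing a single quote, as a real surname can
            String input = "O'Brien";

            System.out.println("prepared: " + countByNamePrepared(c, input));
            try {
                System.out.println("concat: " + countByNameConcat(c, input));
            } catch (SQLException e) {
                // The apostrophe closed the string literal early and the remainder was read as SQL
                System.out.println("concat failed: " + e.getMessage());
            }
        }
    }
}
```

Compile and run with the H2 jar on the classpath (for example `java -cp h2.jar:. PreparedVsConcat`). The prepared lookup returns the O'Brien row; the concatenated lookup throws, because the apostrophe terminated the literal and `Brien'` was parsed as SQL. Input that closes the literal with well-formed SQL instead of a stray word would not fail but would change what the query does, which is exactly what binding the value as a parameter rules out: the database receives the query shape and the data separately, so no input can alter the former.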
Source: https://www.cnblogs.com/superxuezhazha/p/12395673.html