通过Java代码实现对数据库的数据进行添加操作

String names = Tools.isoToUtf8(request.getParameter("names"));
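// Read the remaining submitted form fields and insert one row into the students table.
// Tools.isoToUtf8 / Tools.arrToString are project helpers (presumably re-decoding the
// ISO-8859-1 parameter as UTF-8 and joining the checkbox values with ',' -- confirm in Tools).
String sex = Tools.isoToUtf8(request.getParameter("sex"));
String blood = Tools.isoToUtf8(request.getParameter("blood"));
String hobby = Tools.arrToString(request.getParameterValues("hobby"), ',');
String intro = Tools.isoToUtf8(request.getParameter("intro"));
long time = System.currentTimeMillis();
// Get the name of the uploaded file.
// NOTE(review): if UploadFile.getFileName returns the client-supplied name, treat it as
// untrusted input: check it against an extension allow-list and reject path separators
// before it is used as a path or rendered in a page -- confirm in UploadFile.
String pic = UploadFile.getFileName(request, "pic");
// Database access starts here.
try {
    Class.forName("com.mysql.jdbc.Driver"); // load the JDBC driver
    // Usage notes: http://www.ncyteng.com/news/show/666.html
    String jdbc = "jdbc:mysql://127.0.0.1:3306/stu_info";
    // Approach 1 (kept only for comparison, do not use): the request values are concatenated
    // straight into the SQL text, so a quote in any field changes the statement itself
    // (SQL injection). The println also writes the submitted data to the server log.
    /* Statement state = conn.createStatement(); // state is used to execute the SQL text
    String sql = "insert into students" +
    " (names, sex, blood, hobby, pic, intro, time)values('"
    + names+"','"+sex + "','" + blood + "','" + hobby + "','" + pic + "','" + intro +"','"+time +"')";
    System.out.println(sql);
    int count = state.executeUpdate(sql); // send the SQL text to the database for execution */
    // Approach 2: the SQL text is fixed and every value is bound to a ? placeholder.
    String sql = "insert into students (names,sex,blood,hobby,pic,intro,time) value (?,?,?,?,?,?,?)";
    // NOTE(review): root/root is hard-coded for this demo. A deployed application should connect
    // with a dedicated account limited to the privileges it needs on this schema, with the
    // credentials loaded from configuration rather than from source code.
    // try-with-resources closes the statement and then the connection even when
    // executeUpdate() throws; the original closed them only on the success path.
    try (Connection conn = DriverManager.getConnection(jdbc, "root", "root");
         PreparedStatement ps = conn.prepareStatement(sql)) {
        // Bound parameters are always handled as data and never parsed as SQL, so quotes in user
        // input cannot alter the statement. Depending on driver settings, Connector/J either
        // escapes the values on the client or sends them to the server separately from the SQL text.
        // setObject(index, value): index is the 1-based position of the ? placeholder.
        ps.setObject(1, names);
        ps.setObject(2, sex);
        ps.setObject(3, blood);
        ps.setObject(4, hobby);
        ps.setObject(5, pic);
        ps.setObject(6, intro);
        ps.setObject(7, time);
        int count = ps.executeUpdate(); // number of rows inserted
        out.print("添加成功" + count);
    }
} catch (ClassNotFoundException | SQLException e) {
    // The failure is written to the server log only; SQL error detail is deliberately
    // not echoed to the client, so the page prints nothing when the insert fails.
    e.printStackTrace();
}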