数据库的连接与基本操作
public class JDBCDemo {
public static void main(String[] args)throws ClassNotFoundException,SQLException{
Class.forName("com.mysql.jdbc.Driver");
String url = "jdbc:mysql://localhost:3296/mybase";
String username="root";
String password="123";
Connection con = DriverManager.getConnection(url, username, password);
Statement stat = con.createStatement();
int row = stat.executeUpdate
("INSERT INTO sort(sname,sprice,sdesc) VALUES('汽车用品',50000,'疯狂涨价')");
System.out.println(row);
stat.close();
con.close();
}
}
注入攻击
public class JDBCDemo2 {
public static void main(String[] args)throws Exception {
Class.forName("com.mysql.jdbc.Driver");
String url = "jdbc:mysql://localhost:3296/mybase";
String username = "root";
String password = "123";
Connection con = DriverManager.getConnection(url, username, password);
Statement stat = con.createStatement();
Scanner sc = new Scanner(System.in);
String user = sc.nextLine();
String pass = sc.nextLine();
String sql = "SELECT * FROM users WHERE username='"+user+"' AND PASSWORD='"+pass+"'";
System.out.println(sql);
ResultSet rs = stat.executeQuery(sql);
while(rs.next()){
System.out.println(rs.getString("username")+" "+rs.getString("password"));
}
rs.close();
stat.close();
con.close();
}
}
PrepareStatement接口预编译SQL语句
public class JDBCDemo3 {
public static void main(String[] args)throws Exception {
Class.forName("com.mysql.jdbc.Driver");
String url = "jdbc:mysql://localhost:3296/mybase";
String username = "root";
String password = "123";
Connection con = DriverManager.getConnection(url, username, password);
Scanner sc = new Scanner(System.in);
String user = sc.nextLine();
String pass = sc.nextLine();
String sql = "SELECT * FROM users WHERE username=? AND PASSWORD=?";
PreparedStatement pst = con.prepareStatement(sql);
System.out.println(pst);
pst.setObject(1, user);
pst.setObject(2, pass);
ResultSet rs = pst.executeQuery();
while(rs.next()){
System.out.println(rs.getString("username")+" "+rs.getString("password"));
}
rs.close();
pst.close();
con.close();
}
}
PrepareStatement接口预编译SQL语句执行修改
public class JDBCDemo {
public static void main(String[] args) throws Exception{
Class.forName("com.mysql.jdbc.Driver");
String url = "jdbc:mysql://localhost:3296/mybase";
String username="root";
String password="123";
Connection con = DriverManager.getConnection(url, username, password);
String sql = "UPDATE sort SET sname=?,sprice=? WHERE sid=?";
PreparedStatement pst = con.prepareStatement(sql);
pst.setObject(1, "汽车美容");
pst.setObject(2, 49988);
pst.setObject(3, 7);
pst.executeUpdate();
pst.close();
con.close();
}
}