Statement、PreparedStatement对象详解及SQL注入问题
(1)Statement对象详解
1、提取工具类
#db.properties
# NOTE(review): the key is spelled "dirver" because jdbcUtils reads properties.getProperty("dirver");
# if you correct the spelling, change both places together.
dirver=com.mysql.jdbc.Driver
# NOTE(review): "useSSl" looks like a typo for the Connector/J option "useSSL"; as written the
# option is most likely ignored and the driver falls back to its default TLS behaviour.
url=jdbc:mysql://localhost:3306/jdbcStudy?useUnicode=true&characterEncoding=utf8&useSSl=true
# These credentials are stored in plaintext on the classpath: keep this file out of version
# control and prefer a dedicated least-privilege account over root.
username=root
password=123456
package com.xiao.lesson02.utils;
import java.io.IOException;
import java.io.InputStream;
import java.sql.*;
import java.util.Properties;
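/**
 * Minimal JDBC helper for the lesson: reads the connection settings from
 * {@code db.properties} on the classpath once, loads the driver class, and hands out
 * connections plus a {@link #release} helper for the three JDBC handles.
 *
 * <p>The properties file holds the database password in plaintext, so keep it out of
 * version control and give the configured account only the rights the lesson needs.
 */
public class jdbcUtils {
    // Spelled "dirver" to match the key used in db.properties; rename both together.
    private static String dirver;
    private static String url;
    private static String username;
    private static String password;

    static {
        // try-with-resources closes the stream (the previous version never closed it).
        // A null resource is skipped by the implicit close and rejected explicitly below.
        try (InputStream in = jdbcUtils.class.getClassLoader().getResourceAsStream("db.properties")) {
            if (in == null) {
                throw new IOException("db.properties not found on the classpath");
            }
            Properties properties = new Properties();
            properties.load(in);
            dirver = properties.getProperty("dirver");
            url = properties.getProperty("url");
            username = properties.getProperty("username");
            password = properties.getProperty("password");
            if (dirver == null) {
                throw new IOException("db.properties has no 'dirver' entry");
            }
            // The driver class only needs to be loaded once, hence the static initializer.
            Class.forName(dirver);
        } catch (IOException | ClassNotFoundException e) {
            // Kept lenient like the original: the problem is reported and the fields stay
            // null, so the first getConnection() fails later with a less specific error.
            // NOTE(review): consider throwing ExceptionInInitializerError here to fail fast.
            e.printStackTrace();
        }
    }

    /**
     * Opens a new connection using the settings loaded at class initialization.
     * The caller owns the connection and must close it (for example via {@link #release}).
     *
     * @return a fresh {@link Connection}
     * @throws SQLException if the driver rejects the URL or credentials, or if the
     *     configuration could not be loaded (the URL is then {@code null})
     */
    public static Connection getConnection() throws SQLException {
        return DriverManager.getConnection(url, username, password);
    }

    /**
     * Closes the given JDBC handles in dependency order: result set, statement, connection.
     * Every argument may be {@code null}. A failure while closing one handle no longer
     * prevents the remaining handles from being closed; the first {@link SQLException}
     * is rethrown with any later ones attached as suppressed exceptions.
     *
     * @param conn connection to close, or {@code null}
     * @param st statement to close, or {@code null}
     * @param rs result set to close, or {@code null}
     * @throws SQLException the first failure encountered while closing
     */
    public static void release(Connection conn, Statement st, ResultSet rs) throws SQLException {
        SQLException failure = null;
        if (rs != null) {
            try {
                rs.close();
            } catch (SQLException e) {
                failure = e;
            }
        }
        if (st != null) {
            try {
                st.close();
            } catch (SQLException e) {
                failure = remember(failure, e);
            }
        }
        if (conn != null) {
            try {
                conn.close();
            } catch (SQLException e) {
                failure = remember(failure, e);
            }
        }
        if (failure != null) {
            throw failure;
        }
    }

    /**
     * Returns the exception to rethrow: {@code next} when nothing has been recorded yet,
     * otherwise {@code first} with {@code next} attached as a suppressed exception.
     */
    private static SQLException remember(SQLException first, SQLException next) {
        if (first == null) {
            return next;
        }
        first.addSuppressed(next);
        return first;
    }
}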
2、编写增、删、改的方法(executeUpdate())
package com.xiao.lesson02;
import com.xiao.lesson02.utils.jdbcUtils;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
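/**
 * Lesson 02 — INSERT through a plain {@link Statement}.
 *
 * <p>The SQL below is a fixed literal, so it is safe as written. {@code Statement} sends
 * the text to the server verbatim; as soon as any value in that text comes from user
 * input the same pattern becomes an SQL injection, which is the case
 * {@code PreparedStatement} exists for.
 */
public class TestInsert {
    public static void main(String[] args) throws SQLException {
        Connection conn = null;
        Statement st = null;
        try {
            conn = jdbcUtils.getConnection();   // obtain the database connection
            st = conn.createStatement();        // executor for static SQL text
            String sql = "insert into users(`id`,`NAME`,`PASSWORD`,`email`,`birthday`) " +
                    "values(4,'狂神','123456','2675295641@qq.com','2021-06-08')";
            int rows = st.executeUpdate(sql);   // number of affected rows
            if (rows > 0) {
                System.out.println("插入成功!!");
            }
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            // executeUpdate produces no ResultSet, so pass null for that slot instead of
            // keeping an always-null local for it.
            jdbcUtils.release(conn, st, null);
        }
    }
}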
package com.xiao.lesson02;
import com.xiao.lesson02.utils.jdbcUtils;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
//删除
public class TestDelete {
public static void main(String[] args) throws SQLException {
Connection conn=null;
Statement st=null;
ResultSet rs=null;
try