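/**
 * DQL example: loads the connection settings from {@code src\mysql.properties},
 * runs a parameterised {@code SELECT} against the {@code student} table and
 * prints every matching row to stdout.
 *
 * <p>Every resource (properties stream, connection, statement, result set) is
 * opened in try-with-resources, so it is released even when an exception is
 * thrown part-way through; the original closed them only on the success path
 * and never closed the {@code FileInputStream} at all.
 *
 * @throws Exception if the properties file cannot be read, the driver class is
 *     not on the classpath, or the query fails
 */
public void test01() throws Exception {//DQL
    Properties properties = new Properties();
    // The properties file supplies url and driver, and the remaining entries
    // (e.g. user/password) are handed to DriverManager as-is below.
    try (FileInputStream in = new FileInputStream("src\\mysql.properties")) {
        properties.load(in);
    }
    String url = properties.getProperty("url");
    // Load the driver
    Class.forName(properties.getProperty("driver"));
    String sql = "select * from student where id > ?";
    // Obtain the connection and a PreparedStatement. The '?' placeholder is
    // bound with setInt below instead of being concatenated into the SQL text,
    // which is what defeats SQL injection; the statement is also pre-processed
    // once rather than re-parsed per call. PreparedStatement is an interface —
    // connection.prepareStatement(sql) returns the driver's implementation.
    try (Connection connection = DriverManager.getConnection(url, properties);
         PreparedStatement preparedStatement = connection.prepareStatement(sql)) {
        // Bind the '?' (JDBC parameter indices are 1-based)
        preparedStatement.setInt(1, 1001);
        try (ResultSet resultSet = preparedStatement.executeQuery()) {
            while (resultSet.next()) {
                int id = resultSet.getInt("id");
                String name = resultSet.getString("name");
                int age = resultSet.getInt("age");
                String gender = resultSet.getString("gender");
                System.out.println(id + "\t" + name + "\t" + age + "\t" + gender);
            }
        }
    }
}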
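/**
 * DML example: loads the connection settings from {@code src\mysql.properties},
 * runs a parameterised {@code UPDATE} on the {@code student} table and prints
 * whether any row was changed.
 *
 * <p>Connection and statement are opened in try-with-resources so they are
 * released even if {@code executeUpdate} throws; the original closed them only
 * on the success path and never closed the {@code FileInputStream}.
 *
 * @throws Exception if the properties file cannot be read, the driver class is
 *     not on the classpath, or the update fails
 */
@Test
public void test02() throws Exception {//DML
    Properties properties = new Properties();
    // The properties file supplies url and driver, and the remaining entries
    // (e.g. user/password) are handed to DriverManager as-is below.
    try (FileInputStream in = new FileInputStream("src\\mysql.properties")) {
        properties.load(in);
    }
    String url = properties.getProperty("url");
    // Load the driver
    Class.forName(properties.getProperty("driver"));
    // Alternative DML statement kept from the original for reference:
    //String sql = "insert into student values(?,?,?,?)";
    String sql = "update student set gender = ? where id = ?";
    // DriverManager hands out the Connection; both '?' placeholders are bound
    // through the PreparedStatement rather than concatenated into the SQL.
    try (Connection connection = DriverManager.getConnection(url, properties);
         PreparedStatement preparedStatement = connection.prepareStatement(sql)) {
        // Parameter indices are 1-based and follow the order of the '?' marks.
        preparedStatement.setString(1, "女");
        preparedStatement.setInt(2, 1001);
        int affectedRow = preparedStatement.executeUpdate();
        System.out.println(affectedRow > 0 ? "成功" : "数据库未改变");
    }
}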
idea连接数据库02-preparedStatement解决SQL注入