增删改
- statement.executeUpdate()
Properties properties = new Properties();
properties.load(new FileInputStream("src\\mysql.properties"));
String driver = properties.getProperty("driver");
String url = properties.getProperty("url");
String user = properties.getProperty("user");
String password = properties.getProperty("password");
Class.forName(driver);
Connection connection = DriverManager.getConnection(url, user, password);
String sql = "update news set content = 'cyt is a beautify girl' where id=2";
Statement statement = connection.createStatement();
int i = statement.executeUpdate(sql);
System.out.println(i > 0 ? "true" : "false");
statement.close();
connection.close();
查找
Properties properties = new Properties();
properties.load(new FileInputStream("src\\mysql.properties"));
String driver = properties.getProperty("driver");
String url = properties.getProperty("url");
String user = properties.getProperty("user");
String password = properties.getProperty("password");
Class.forName(driver);
Connection connection = DriverManager.getConnection(url, user, password);
Statement statement = connection.createStatement();
String sql = "select id,content from news";
ResultSet resultSet = statement.executeQuery(sql);
while (resultSet.next()){
int id = resultSet.getInt(1);
String content = resultSet.getString(2);
System.out.println(id + "\t" + content);
}
resultSet.close();
statement.close();
connection.close();
statement
- 用户名:1’ or
- 密码: or ‘1’ = '1 // 万能密码
- 所以不安全不能使用
PreparedStatement
String sql = "insert into news values(?,?)";
PreparedStatement preparedStatement = connection.prepareStatement(sql);
preparedStatement.setObject(1,null);
preparedStatement.setString(2,"cyt是美女");
int rows = preparedStatement.executeUpdate();
System.out.println(rows > 0 ? "true" : "false");
String sql = "select id,content from news where id = ?";
PreparedStatement preparedStatement = connection.prepareStatement(sql);
preparedStatement.setInt(1,1);
ResultSet resultSet = preparedStatement.executeQuery();
while (resultSet.next()){
int id = resultSet.getInt(1);
String content = resultSet.getString(2);
System.out.println(id + "\t" + content);
}