项目结构
log4j.properties
# Root logger threshold is DEBUG, so INFO, WARN and ERROR messages are emitted as well; output goes to the Console and RollingFile appenders.
# NOTE(review): DEBUG on the root logger also enables debug output from every library on the classpath; raise the threshold outside development if that output may carry sensitive values.
# NOTE(review): the org.apache.log4j.* classes used below belong to Log4j 1.x, which is end-of-life; plan a move to a maintained logging backend.
log4j.rootLogger=DEBUG,Console,RollingFile
# Write log messages to the console.
log4j.appender.Console=org.apache.log4j.ConsoleAppender
log4j.appender.Console.layout=org.apache.log4j.PatternLayout
log4j.appender.Console.layout.ConversionPattern= [%-5p]-[%d{yyyy-MM-dd HH:mm:ss}] -%l -%m%n
# Write log messages to the file log.log in the root directory of drive D:.
# NOTE(review): this is a fixed absolute path; confirm that only the account running the application can read and write it.
# NOTE(review): %m is written as-is; if messages can contain user-supplied text, strip or encode line breaks before logging so that one request cannot forge additional log lines.
log4j.appender.RollingFile=org.apache.log4j.DailyRollingFileAppender
log4j.appender.RollingFile.File=D://log.log
log4j.appender.RollingFile.layout=org.apache.log4j.PatternLayout
log4j.appender.RollingFile.layout.ConversionPattern=%d [%t] %-5p %-40.40c %X{traceId}-%m%n
db.properties
# Sample connection settings for a MySQL database on the local machine (127.0.0.1); read by PropertiesTool.
# NOTE(review): root/root is a default superuser credential. Outside a local demo, connect with a dedicated
# least-privilege account and keep the real password out of the source tree (environment variable or secret store).
db.username=root
db.password=root
# NOTE(review): the URL sets no TLS options; that is only acceptable for a loopback connection.
db.url=jdbc:mysql://127.0.0.1:3306/test
PropertiesTool
package com.zzu.tool;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;
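/**
 * Loads {@code db.properties} from the classpath once, when the class is initialized, and serves
 * its values by key.
 *
 * <p>Initialization fails with an {@link IllegalStateException} (surfaced by the JVM as an
 * {@link ExceptionInInitializerError}) when the resource is missing or unreadable, so a broken
 * configuration is reported at the point of failure instead of as null values later on.
 */
public class PropertiesTool {

    /** Name of the classpath resource that holds the settings. */
    private static final String RESOURCE_NAME = "db.properties";

    private static final Properties properties = new Properties();

    static {
        // try-with-resources closes the stream even when load() fails.
        try (InputStream inputStream =
                PropertiesTool.class.getClassLoader().getResourceAsStream(RESOURCE_NAME)) {
            // getResourceAsStream returns null, not an exception, when the resource is absent.
            if (inputStream == null) {
                throw new IllegalStateException(RESOURCE_NAME + " was not found on the classpath");
            }
            properties.load(inputStream);
        } catch (IOException e) {
            // Keep the cause; the message names only the resource, never its contents.
            throw new IllegalStateException("Could not read " + RESOURCE_NAME, e);
        }
    }

    /**
     * Returns the value stored under {@code key}.
     *
     * @param key property name, for example {@code db.url}
     * @return the configured value, or {@code null} when the key is not present
     */
    public static String getValue(String key) {
        return properties.getProperty(key);
    }
}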
IRowMapper
package com.jd.tool.db;
import java.sql.ResultSet;
/**
 * Callback that consumes the result of a query.
 *
 * <p>DBLink.select hands the {@link ResultSet} of the executed query to
 * {@link #rowMapper(ResultSet)} and closes it as soon as the callback returns, so an
 * implementation should read everything it needs inside the callback and not keep the
 * ResultSet for later use.
 */
public interface IRowMapper {

    /**
     * Processes the rows of a query result.
     *
     * @param rs the result set exactly as returned by the executed query
     */
    void rowMapper(ResultSet rs);
}
DBLink
package com.zzu.tool.db;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import org.apache.log4j.Logger;
import com.zzu.tool.PropertiesTool;
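/**
 * Small JDBC helper: opens a connection from the settings in {@code db.properties}, runs a
 * parameterized statement and releases the JDBC resources afterwards.
 *
 * <p>Every {@code sql} argument must be a fixed statement that uses {@code ?} placeholders; the
 * values go in {@code params} and are bound with {@link PreparedStatement#setObject}. Building
 * the SQL text by concatenating user input bypasses that binding and reintroduces SQL injection.
 *
 * <p>NOTE(review): this listing declares package {@code com.zzu.tool.db}, while IRowMapper and
 * the test class use {@code com.jd.tool.db}; the packages have to be aligned (or IRowMapper
 * imported) before the listing compiles.
 *
 * @author ChenLingFeng
 */
public class DBLink {

    private static final Logger logger = Logger.getLogger(DBLink.class);

    /**
     * Opens a new connection using the db.username, db.password and db.url settings.
     *
     * @return an open connection, never {@code null}
     * @throws SQLException if the driver class is missing or the connection attempt fails
     */
    private Connection getConnection() throws SQLException {
        try {
            // NOTE(review): newer MySQL Connector/J releases name the driver
            // com.mysql.cj.jdbc.Driver; confirm against the driver version in use.
            Class.forName("com.mysql.jdbc.Driver");
        } catch (ClassNotFoundException e) {
            throw new SQLException("MySQL JDBC driver class is not on the classpath", e);
        }
        String username = PropertiesTool.getValue("db.username");
        String password = PropertiesTool.getValue("db.password");
        String url = PropertiesTool.getValue("db.url");
        return DriverManager.getConnection(url, username, password);
    }

    /** Binds {@code params} to the {@code ?} placeholders of {@code statement}, in order. */
    private void bind(PreparedStatement statement, Object... params) throws SQLException {
        for (int i = 0; i < params.length; i++) {
            // JDBC parameter indexes start at 1.
            statement.setObject(i + 1, params[i]);
        }
    }

    /**
     * Runs an INSERT, UPDATE or DELETE statement.
     *
     * @param sql statement text with {@code ?} placeholders
     * @param params values for the placeholders, in order
     * @return {@code true} if at least one row was affected; {@code false} if none was, or if
     *     the connection or the statement failed (the failure is logged at ERROR level)
     */
    public boolean update(String sql, Object... params) {
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        try {
            connection = getConnection();
            preparedStatement = connection.prepareStatement(sql);
            bind(preparedStatement, params);
            return preparedStatement.executeUpdate() > 0;
        } catch (SQLException e) {
            // A failed connection now arrives here as an SQLException instead of a null
            // connection that would raise NullPointerException out of this method.
            logger.error("Database update failed: " + e.getMessage(), e);
            return false;
        } finally {
            close(preparedStatement, connection);
        }
    }

    /**
     * Runs a SELECT statement and passes its result set to {@code rowMapper}.
     *
     * <p>The result set, statement and connection are closed when the callback returns.
     * Failures, including exceptions thrown by the callback, are logged at ERROR level and not
     * rethrown.
     *
     * @param sql statement text with {@code ?} placeholders
     * @param rowMapper callback that reads the result set
     * @param params values for the placeholders, in order
     */
    public void select(String sql, IRowMapper rowMapper, Object... params) {
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        ResultSet rs = null;
        try {
            connection = getConnection();
            preparedStatement = connection.prepareStatement(sql);
            bind(preparedStatement, params);
            rs = preparedStatement.executeQuery();
            rowMapper.rowMapper(rs);
        } catch (SQLException | RuntimeException e) {
            // RuntimeException is kept in the catch because the callback is caller code.
            logger.error("Database query failed: " + e.getMessage(), e);
        } finally {
            close(rs, preparedStatement, connection);
        }
    }

    /**
     * Reports whether a SELECT statement returns at least one row.
     *
     * @param sql statement text with {@code ?} placeholders
     * @param params values for the placeholders, in order
     * @return {@code true} if the query yields a row; {@code false} if it yields none or if it
     *     failed (the failure is logged at ERROR level)
     */
    public boolean exist(String sql, Object... params) {
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
            connection = getConnection();
            preparedStatement = connection.prepareStatement(sql);
            bind(preparedStatement, params);
            resultSet = preparedStatement.executeQuery();
            return resultSet.next();
        } catch (SQLException | RuntimeException e) {
            logger.error("Database existence check failed: " + e.getMessage(), e);
            return false;
        } finally {
            close(resultSet, preparedStatement, connection);
        }
    }

    /**
     * Closes the result set, then the statement and the connection. Each close is attempted even
     * if an earlier one fails; failures are logged and not rethrown.
     */
    private void close(ResultSet resultSet, Statement statement, Connection connection) {
        if (resultSet != null) {
            try {
                resultSet.close();
            } catch (SQLException e) {
                logger.error("Closing the result set failed: " + e.getMessage(), e);
            }
        }
        close(statement, connection);
    }

    /**
     * Closes the statement and then the connection; {@code null} arguments are skipped. Each
     * close is attempted even if the other fails; failures are logged and not rethrown.
     *
     * @param statement statement to close, may be {@code null}
     * @param connection connection to close, may be {@code null}
     */
    public void close(Statement statement, Connection connection) {
        if (statement != null) {
            try {
                statement.close();
            } catch (SQLException e) {
                logger.error("Closing the statement failed: " + e.getMessage(), e);
            }
        }
        if (connection != null) {
            try {
                connection.close();
            } catch (SQLException e) {
                logger.error("Closing the connection failed: " + e.getMessage(), e);
            }
        }
    }
}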
Test(测试类)
package com.jd.tool.test;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import com.jd.tool.db.DBLink;
import com.jd.tool.db.IRowMapper;
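/**
 * Demo for DBLink that shows how bound parameters keep SQL injection out of a query.
 *
 * <p>SQL injection changes the meaning of the original SQL statement and produces results the
 * author did not intend. It happens when input is concatenated into the statement text; binding
 * the input to {@code ?} placeholders keeps the statement text constant.
 */
public class Test {

    /**
     * Looks up a student by id and name, passing both values as bound parameters.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        String id = "我是";
        String name = "黑客'or'1'='1";
        // The values are not part of the statement text. The driver sends them as data, so the
        // quote characters in name cannot close the string literal or add an OR condition.
        String sql = "select id from student where id=? and name=?";
        System.out.println(sql);

        // Local class: gives DBLink.select an IRowMapper implementation to call back with the
        // result set.
        class RowMapper implements IRowMapper {
            @Override
            public void rowMapper(ResultSet rs) {
                try {
                    if (rs.next()) {
                        System.out.println("ok");
                    } else {
                        System.out.println("No");
                    }
                } catch (SQLException e) {
                    System.err.println("Reading the result set failed: " + e.getMessage());
                }
            }
        }

        RowMapper rowMapper = new RowMapper();
        DBLink dbLink = new DBLink();
        dbLink.select(sql, rowMapper, id, name);
        if (dbLink.exist(sql, id, name)) {
            System.out.println("Ok");
        } else {
            System.out.println("No");
        }
    }
}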