普通的连接:
1.加载驱动
Class.forName(“com.mysql.jdbc.Driver”);
//2.创建连接对象
conn=DriverManager.getConnection(“jdbc:mysql://localhost:3306/2008myschool”, “root”, “root”);
3.准备sql语句
String sql=“select sid,sname,sage,ssex,saddress,cid from t_student”;
4.创建执行对象
state=conn.createStatement();
5.用执行对象将sql语句传到数据库中去执行,并得到结果
rs=state.executeQuery(sql);
防SQL注入(预编译):
1.加载驱动
Class.forName(“com.mysql.jdbc.Driver”);
2.创建连接对象
conn=DriverManager.getConnection(“jdbc:mysql://localhost:3306/2008myschool”, “root”, “root”);
3.准备sql语句,?是sql语句中占位符
String sql="select account,user,password,money from t_bank where user=? and password=? ";
System.out.println(sql);
4.创建预编译的执行对象
state=conn.prepareStatement(sql);
给执行对象中sql语句的占位符传递
state.setString(1, uname);
state.setString(2, upwd);
5.用执行对象调用相应方法将sql语句传到数据库中去执行并得到结果
rs=state.executeQuery();