Ways to connect to the database:
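// Imports used by the snippets on this page
import com.mysql.jdbc.Driver; // Connector/J 5.x class name; Connector/J 8.x uses com.mysql.cj.jdbc.Driver
import java.io.FileInputStream;
import java.sql.*;
import java.util.Properties;

// Method 1
public void connect01() throws Exception {
    Driver driver = new Driver(); // create the Driver object
    String url = "jdbc:mysql://localhost:3306/data";
    // put the user name and password into a Properties object
    Properties properties = new Properties();
    properties.setProperty("user", "root"); // user
    //properties.setProperty("password","123456"); // password
    Connection connect = driver.connect(url, properties); // obtain the connection
}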
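// Method 2
public void connect02() throws Exception {
    Class<?> aClass = Class.forName("com.mysql.jdbc.Driver"); // load the Driver class by reflection
    // Class.newInstance() is deprecated; go through the no-arg constructor instead
    Driver driver = (Driver) aClass.getDeclaredConstructor().newInstance();
}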
// Method 3
public void connect03() throws Exception {
    // Class.forName registers the driver automatically
    Class.forName("com.mysql.jdbc.Driver");
    String url = "jdbc:mysql://localhost:3306/data";
    String user = "root";
    String password = "123456"; // sample value; connect04 reads it from a config file instead
    Connection connection = DriverManager.getConnection(url, user, password);
}
// Method 4
public void connect04() throws Exception {
    // Improves on method 3: a config file makes connecting to MySQL more flexible
    Properties properties = new Properties();
    properties.load(new FileInputStream("src\\jdbc_\\mysql.properties"));
    String user = properties.getProperty("user");
    String password = properties.getProperty("password");
    String url = properties.getProperty("url");
    String driver = properties.getProperty("driver");
    Class.forName(driver);
    Connection connection = DriverManager.getConnection(url, user, password);
    System.out.println(connection);
}
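ResultSet basics:
1. A ResultSet represents a table of data holding a database result set, usually generated by executing a statement that queries the database
2. A ResultSet object maintains a cursor pointing to its current row of data. Initially the cursor is positioned before the first row
3. The next method moves the cursor to the next row and returns false when there are no more rows in the ResultSet object, so it can be used in a while loop to iterate over the result set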
Statement statement = connection.createStatement();
String sql = "select id,name,sex,borndate from actor";
ResultSet resultSet = statement.executeQuery(sql); // obtain the result set
while (resultSet.next()) {
    int id = resultSet.getInt(1); // first column of the current row
    String name = resultSet.getString(2); // second column
    String sex = resultSet.getString(3);
    Date date = resultSet.getDate(4);
    System.out.println(id + "\t" + name + "\t" + sex + "\t" + date);
}
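Statement basics:
1. A Statement object is used to execute a static SQL statement and return the results it produces
2. Once a connection is established, the database is accessed (commands or SQL statements are executed) through one of:
Statement [ SQL injection exists ]
PreparedStatement [ precompiled ]
CallableStatement [ stored procedures ]
3. Executing SQL statements through a Statement object carries a risk of SQL injection
4. SQL injection exploits systems that do not adequately check user-supplied data: illegal SQL fragments or commands are injected into the user input to maliciously attack the database
5. To prevent SQL injection, simply use PreparedStatement (which extends Statement) in place of Statement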
import java.io.FileInputStream;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.util.Properties;

public class preparedStatement {
    public static void main(String[] args) throws Exception {
        // load the connection settings from the config file
        Properties properties = new Properties();
        properties.load(new FileInputStream("src\\jdbc_\\mysql.properties"));
        String user = properties.getProperty("user");
        String password = properties.getProperty("password");
        String url = properties.getProperty("url");
        String driver = properties.getProperty("driver");
        Class.forName(driver);
        Connection connection = DriverManager.getConnection(url, user, password);
        //String sql = "create table admin( id int,name varchar(32))";
        // each ? is a placeholder that is filled in by a setXxx call below
        String sql = "insert into admin values(?,?)";
        PreparedStatement preparedStatement = connection.prepareStatement(sql);
        preparedStatement.setInt(1, 1);          // first ?  -> id
        preparedStatement.setString(2, "jack");  // second ? -> name
        preparedStatement.executeUpdate();
        preparedStatement.close();
        connection.close();
    }
}
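The difference between items 3 and 5 above, shown side by side as an added example (not code from the original notes). It assumes a MySQL server reachable through the same mysql.properties file; the class name InjectionDemo, the temporary table admin_demo, its rows and the input string are all constructed for the illustration.

```java
import java.io.FileInputStream;
import java.sql.*;
import java.util.Properties;

public class InjectionDemo {
    // Vulnerable: the input becomes part of the SQL text, so a quote in it rewrites the query.
    static int countWithStatement(Connection c, String name) throws SQLException {
        String sql = "select id,name from admin_demo where name = '" + name + "'";
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return countRows(rs);
        }
    }

    // Hardened: the SQL text is fixed; the input is bound to the ? placeholder as data only.
    static int countWithPreparedStatement(Connection c, String name) throws SQLException {
        String sql = "select id,name from admin_demo where name = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return countRows(rs);
            }
        }
    }

    static int countRows(ResultSet rs) throws SQLException {
        int n = 0;
        while (rs.next()) n++;
        return n;
    }

    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        try (FileInputStream in = new FileInputStream("src\\jdbc_\\mysql.properties")) {
            p.load(in);
        }
        Class.forName(p.getProperty("driver"));
        try (Connection c = DriverManager.getConnection(
                p.getProperty("url"), p.getProperty("user"), p.getProperty("password"));
             Statement setup = c.createStatement()) {
            // Constructed sample data in a temporary table (dropped when the connection closes).
            setup.executeUpdate("create temporary table admin_demo(id int, name varchar(32))");
            setup.executeUpdate("insert into admin_demo values(1,'jack'),(2,'tom')");
            String input = "x' or '1'='1"; // constructed input containing a quote
            System.out.println("Statement rows: " + countWithStatement(c, input));
            System.out.println("PreparedStatement rows: " + countWithPreparedStatement(c, input));
        }
    }
}
```

With the concatenated query the condition is always true and both rows match; with the bound parameter the whole input is compared as a literal name and no row matches. The protection comes from binding values through ?, so input concatenated into the string passed to prepareStatement is still injectable.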