1.入门
package cn.yjs.jdbc;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
public class JDBCDemo {
public static void main(String[] args) {
Connection conn = null;
Statement st = null;
ResultSet rs = null;
try {
//1.注册驱动
DriverManager.registerDriver(new com.mysql.jdbc.Driver());
//2.建立连接
conn = DriverManager.getConnection("jdbc:mysql://localhost/student", "root", "123456");
//3.创建statement,和数据库打交道,一定要有这个对象
st = conn.createStatement();
//4.执行查询并取回结果
String sql = "select * from t_stu";
rs = st.executeQuery(sql);
//5.循环取数据
while(rs.next()) {
int id = rs.getInt("id");
String name = rs.getString("name");
int age = rs.getInt("age");
}
}catch(SQLException e){
e.printStackTrace();
}finally {
try {
if(rs!=null)
rs.close();
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}finally {
rs = null;
}
try {
if(st!=null)
st.close();
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}finally {
st = null;
}
try {
if(conn!=null)
conn.close();
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}finally {
conn = null;
}
}
}
}
Class.forName(driverClass);
//静态代码块 ---> 类加载了,就执行。 java.sql.DriverManager.registerDriver(new Driver());
//DriverManager.registerDriver(new com.mysql.jdbc.Driver());
2. JDBCUtil
package com.itheima.util;
import java.io.FileInputStream;
import java.io.InputStream;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;
public class JDBCUtil {
static String driverClass = null;
static String url = null;
static String name = null;
static String password= null;
static{
try {
//1. 创建一个属性配置对象
Properties properties = new Properties();
InputStream is = new FileInputStream("jdbc.properties");
//使用类加载器,去读取src底下的资源文件。 后面在servlet
// InputStream is = JDBCUtil.class.getClassLoader().getResourceAsStream("jdbc.properties");
//导入输入流。
properties.load(is);
//读取属性
driverClass = properties.getProperty("driverClass");
url = properties.getProperty("url");
name = properties.getProperty("name");
password = properties.getProperty("password");
} catch (Exception e) {
e.printStackTrace();
}
}
/**
* 获取连接对象
* @return
*/
public static Connection getConn(){
Connection conn = null;
try {
Class.forName(driverClass);
//静态代码块 ---> 类加载了,就执行。 java.sql.DriverManager.registerDriver(new Driver());
//DriverManager.registerDriver(new com.mysql.jdbc.Driver());
//DriverManager.getConnection("jdbc:mysql://localhost/test?user=monty&password=greatsqldb");
//2. 建立连接 参数一: 协议 + 访问的数据库 , 参数二: 用户名 , 参数三: 密码。
conn = DriverManager.getConnection(url, name, password);
} catch (Exception e) {
e.printStackTrace();
}
return conn;
}
/**
* 释放资源
* @param conn
* @param st
* @param rs
*/
public static void release(Connection conn , Statement st , ResultSet rs){
closeRs(rs);
closeSt(st);
closeConn(conn);
}
private static void closeRs(ResultSet rs){
try {
if(rs != null){
rs.close();
}
} catch (SQLException e) {
e.printStackTrace();
}finally{
rs = null;
}
}
private static void closeSt(Statement st){
try {
if(st != null){
st.close();
}
} catch (SQLException e) {
e.printStackTrace();
}finally{
st = null;
}
}
private static void closeConn(Connection conn){
try {
if(conn != null){
conn.close();
}
} catch (SQLException e) {
e.printStackTrace();
}finally{
conn = null;
}
}
}
3. Statement 和 PrepareStatement
Statement 安全问题:
select * from table where name=? or 1=1;(SQL注入)
select * from table where name=? and id= ?;
//预先对sql语句执行语法的校验,?对应的内容,后面不管 传递什么,都看成字符串。
PreparedStatement ps = new PreparedStatement(sql);
ps.setString(1, username);
ps.setString(2, password);
conn = JdbcUtil.getConnection();
//创建Statment stmt = conn.createStatement();
//准备sql //注意带参的sql语句的书写
String sql = "SELECT * FROM admin WHERE userName='"+name+"' AND pwd='"+password+"'";
System.out.println(sql);
//执行sql rs = stmt.executeQuery(sql);
//获取连接
conn = JdbcUtil.getConnection();
String sql = "SELECT * FROM admin WHERE userName=? AND pwd=?";
//预编译
stmt = conn.prepareStatement(sql);
//设置参数
stmt.setString(1, name);
stmt.setString(2, password);
//执行sql
rs = stmt.executeQuery();