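SQL injection:
SELECT * FROM user WHERE name="abcd" and password="";
When password is set to 1234" or "1"="1, the statement becomes:
SELECT * FROM user WHERE name="abcd" and password="1234" or "1"="1";
The trailing or "1"="1" is always true, so the WHERE clause matches regardless of the password. For this reason, in JDBC use ? placeholders for parameters instead of concatenating them into the SQL string.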
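The login query above, written once with string concatenation and once with ? placeholders, as an added example that is not code from the original page. It assumes the SQLite JDBC driver is on the classpath and uses an in-memory database with one constructed row; string literals use single quotes (standard SQL), so the injected value is the one shown above with single quotes.

```java
import java.sql.*;

public class LoginInjectionDemo {
    // Vulnerable form: the input is pasted into the SQL text, so quotes in it change the query.
    static boolean loginConcat(Connection con, String name, String password) throws SQLException {
        String sql = "SELECT * FROM user WHERE name='" + name + "' AND password='" + password + "'";
        try (Statement st = con.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return rs.next(); // true if any row matched
        }
    }

    // Fixed form: ? placeholders; the values are bound as data and never parsed as SQL.
    static boolean loginPrepared(Connection con, String name, String password) throws SQLException {
        String sql = "SELECT * FROM user WHERE name=? AND password=?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, name);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: SQLite JDBC driver available; the database lives only in memory.
        try (Connection con = DriverManager.getConnection("jdbc:sqlite::memory:")) {
            try (Statement st = con.createStatement()) {
                st.executeUpdate("CREATE TABLE user (name TEXT, password TEXT)");
                // Constructed sample row for the demonstration.
                st.executeUpdate("INSERT INTO user VALUES ('abcd', 'correct-password')");
            }
            String injected = "1234' or '1'='1"; // the input from the text, single-quoted
            System.out.println("concat,   injected input: " + loginConcat(con, "abcd", injected));
            System.out.println("prepared, injected input: " + loginPrepared(con, "abcd", injected));
            System.out.println("prepared, real password:  " + loginPrepared(con, "abcd", "correct-password"));
        }
    }
}
```

With the concatenated query the injected input matches a row even though the password is wrong; with the prepared statement the same input is compared as a literal password string and matches nothing.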
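Writing a transaction:
Turning off auto-commit on the connection you obtained is all it takes.
Connection con=...;
con.setAutoCommit(false);
// commit once the operations have completed
con.commit();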
Creating a JavaBean
public class Student {
    private Integer Id;
    private String Name;
    private Integer Cno;

    public Integer getId() {
        return Id;
    }

    public void setId(Integer id) {
        Id = id;
    }

    public String getName() {
        return Name;
    }

    public void setName(String name) {
        Name = name;
    }

    public Integer getCno() {
        return Cno;
    }

    public void setCno(Integer cno) {
        Cno = cno;