当前位置:网站首页>Use of prepareStatement
Use of prepareStatement
2022-08-09 08:03:00 【The worst programmer】
1.1prepareStatement解决sql注入的问题
//演示sql注入的安全问题
public static void main(String [] args) throws Exception{
Scanner scanner=new Scanner(System.in); //Scanner类有没有讲过.
System.out.print("请输入账号:");
String username = scanner.nextLine();
System.out.print("请输入密码:");
String password = scanner.nextLine(); //你输入的账号和密码 nextLine() 可以输入空格 回车任认为结束 next()输入空格后认为输入结束.
boolean b = sqlSafe02(username, password);
}
private static boolean sqlSafe(String name,String password) throws Exception{
Class.forName("com.mysql.cj.jdbc.Driver");
Connection conn = DriverManager.getConnection
("jdbc:mysql://localhost:3306/mydb?serverTimezone=Asia/Shanghai", "root", "root");
//使用PrepareStatement 这里的? 是占位符.
String sql="select * from t_user where username=? and password=?";
PreparedStatement ps = conn.prepareStatement(sql);//预编译sql
//为占位符赋值.根据占位符的类型使用不同的方法来赋值
ps.setString(1,name); //1表示第一个占位符 name:表示第一个占位符的值
ps.setString(2,password);
//执行sql语句
ResultSet rs = ps.executeQuery();
while (rs.next()){
System.out.println("登录成功");
return true;
}
System.out.println("登录失败");
return false;
}
2.prepareStatement完成增删改查
/*添加记录*/
@Test
public void addDemo01() throws ClassNotFoundException, SQLException {
Class.forName("com.mysql.cj.jdbc.Driver");
String url="jdbc:mysql://localhost:3306/mydb?serverTimezone=Asia/Shanghai";
String user="root";
String pwd ="root";
Connection connection = DriverManager.getConnection(url, user, pwd);
String sql = "insert into student values(null,?,?,?)";
PreparedStatement ps = connection.prepareStatement(sql);
ps.setString(1,"张三");
ps.setInt(2,16);
ps.setString(3,"北京");
ps.executeUpdate();
ps.close();
}
/*删除记录*/
@Test
public void deleteDemo01() throws ClassNotFoundException, SQLException {
Class.forName("com.mysql.cj.jdbc.Driver");
String url="jdbc:mysql://localhost:3306/mydb?serverTimezone=Asia/Shanghai";
String user="root";
String pwd ="root";
Connection connection = DriverManager.getConnection(url, user, pwd);
String sql = "delete from student where id = ?";
PreparedStatement ps = connection.prepareStatement(sql);
ps.setInt(1,3);
ps.executeUpdate();
ps.close();
}
/*修改记录*/
@Test
public void updateDemo01() throws ClassNotFoundException, SQLException {
Class.forName("com.mysql.cj.jdbc.Driver");
String url = "jdbc:mysql://localhost:3306/mydb?serverTimezone=Asia/Shanghai";
String user="root";
String pwd = "root";
Connection connection = DriverManager.getConnection(url, user, pwd);
String sql = "update student set address=? where id=26";
PreparedStatement ps = connection.prepareStatement(sql);
ps.setString(1,"北京");
ps.executeUpdate();
ps.close();
}
/*查询记录*/
@Test
public void searchDemo01() throws ClassNotFoundException, SQLException {
Class.forName("com.mysql.cj.jdbc.Driver");
String url = "jdbc:mysql://localhost:3306/mydb?serverTimezone=Asia/Shanghai";
String user="root";
String pwd = "root";
Connection connection = DriverManager.getConnection(url, user, pwd);
String sql="select * from student where id=?";
PreparedStatement ps = connection.prepareStatement(sql);
ps.setInt(1,7);
ResultSet rs = ps.executeQuery();
while (rs.next()){
String name = rs.getString("name");
int age = rs.getInt("age");
String address = rs.getString("address");
System.out.println(name+"\t"+age+"\t"+address);
}
rs.close();
}
边栏推荐
猜你喜欢
随机推荐
Four departments including the Ministry of Industry and Information Technology promote green smart home products to the countryside
C language: reverse character order
浅谈Endpoint
工信部等四部门推动绿色智能家居产品下乡
Native JDBC operation database
动态设置img标签图片失效问题
pragma comment的使用(转载)重新排版
练习电影卡片、过渡、动画、变形、旋转,练习时钟、立方体、缩放
HOOPS助力 SolidWorks edrawings 引入AR/VR技术
IP地址及子网划分
SOLIDWORKS 2022新功能直播揭秘!速来围观!
BIM技术多牛逼?BIM技术在建筑工程行业的四大发展趋势
Anaconda 更换默认虚拟环境
监视文本框的输入
贪吃蛇小游戏——C语言
LeetCode·每日一题·761.特殊的二进制序列·分治
【机器学习】降维代码练习
“互联网+”大学生创新创业大赛经历
.net(一)WebService创建
2019 Nanchang Internet Competition Question C, Hello 2019