MySQL入门学习day3随笔3

JDBC

• 数据库驱动

  • 我们的程序会通过数据库驱动和数据库打交道

• JDBC

  • Sun公司简化开发人员的操作，提供的规范

• 第一个JDBC项目

  • 创建一个Java项目

  • 导入jar包

  • 编写测试代码

    • 1 create database `jdbcStudy` character set utf8mb4 collate utf8mb4_bin;
      2 
      3 use `jdbcStudy`;
      4 
      5 
      6 insert into `users`(`id`,`NAME`,`PASSWORD`,`email`,`birthday`)
      7 values(1,'zhangsan','123456','zs@sina.com','1980-12-04'),
      8 (2,'lisi','123456','lisi@sina.com','1981-12-04'),`jdbcstudy`
      9 (3,'wangwu','123456','wangwu@sina.com','1979-12-04');

      建表添加数据

  •  1 public static void main(String[] args) {
     2         //加载驱动
     3         try {
     4             Class.forName("com.mysql.cj.jdbc.Driver");
     5         } catch (ClassNotFoundException e) {
     6             e.printStackTrace();
     7         }
     8         //用户信息和url
     9         String url = "jdbc:mysql://localhost:3306/jdbcstudy?useUnicod=true&characterEncoding=utf8";
    10         String userName = "root";
    11         String password = "123456";
    12 
    13         //连接成功，数据库对象
    14         try {
    15             Connection connection = DriverManager.getConnection(url, userName, password);
    16 
    17             //执行SQL的对象
    18             Statement statement = connection.createStatement();
    19 
    20             //执行SQL的对象执行SQL
    21             String sql = "select * from users";
    22 
    23             ResultSet resultSet = statement.executeQuery(sql);
    24 
    25             while (resultSet.next()){
    26                 System.out.print("id="+resultSet.getObject("id"));
    27                 System.out.print("\tname="+resultSet.getObject("name"));
    28                 System.out.print("\tpassword="+resultSet.getObject("password"));
    29                 System.out.print("\temail="+resultSet.getObject("email"));
    30                 System.out.println("\tbirth="+resultSet.getObject("birthday"));
    31             }
    32 
    33             //释放连接
    34             resultSet.close();;
    35             statement.close();
    36             connection.close();
    37 
    38         } catch (SQLException e) {
    39             e.printStackTrace();
    40         }
    41 
    42     }

    

    

• SQL注入

  • SQL存在漏洞，会被攻击导致数据泄露

• PreparedStatement

  • Connection connection = null;
    PreparedStatement pstm = null;
        try {
            connection = JdbcUtils.getConnection();
            //区别
            //使用问好占位符代替参数
            String sql = "insert into users(id,`NAME`) values(?,?)";
            pstm = connection.prepareStatement(sql);//预编译sql，先写sql然后不执行
            //手动赋值
            pstm.setInt(1, 8);
            pstm.setString(2, "SANJIN");
    
            //执行
            int i = pstm.executeUpdate();
            if (i > 0) {
                 System.out.println("插入成功");
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                JdbcUtils.release(connection, pstm, null);
            } catch (SQLException throwables) {
                throwables.printStackTrace();
            }
        }