jdbc連接mysql數據庫並執行sql的步驟
- 加載mysql的驅動類
- 使用DriverManager獲取數據庫連接Connection,入參爲連接url、數據庫賬號、密碼
- 使用Connection獲取聲明Statement
- 查詢:使用Statement調用executeQuery獲取結果集ResultSet;增刪改:使用Statement調用executeUpdate獲取影響行數
- 按資源打開的倒序關閉所有連接
在pom.xml中添加MySQL的JDBC連接驅動jar包依賴
<!-- 導入Mysql數據庫鏈接jar包 -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.30</version>
</dependency>
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
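public class DBConnect {
    /**
     * MySQL JDBC connection URL.
     */
    private static final String URL = "jdbc:mysql://127.0.0.1:3306/test";
    /**
     * Database account name.
     */
    private static final String USER = "root";
    /**
     * Database password.
     * NOTE(review): a literal password is only acceptable in a sample; real code should
     * read it from configuration or a secret store so it is not committed with the source.
     */
    private static final String PASSWORD = "123456";
    /**
     * MySQL JDBC driver class name.
     */
    private static final String DRIVER_NAME = "com.mysql.jdbc.Driver";

    /**
     * Opens a new database connection.
     * <p>
     * Failures are propagated instead of being swallowed: returning {@code null} on
     * error only moves the failure to a {@link NullPointerException} in the caller's
     * {@code createStatement} call.
     *
     * @return an open connection; never {@code null}
     * @throws SQLException if the driver class cannot be loaded or the connection fails
     */
    private Connection getConnection() throws SQLException {
        try {
            // Explicitly load the driver class; JDBC 4 drivers also self-register.
            Class.forName(DRIVER_NAME);
        } catch (ClassNotFoundException e) {
            throw new SQLException("JDBC driver class not found: " + DRIVER_NAME, e);
        }
        return DriverManager.getConnection(URL, USER, PASSWORD);
    }

    /**
     * Closes the resources in reverse order of acquisition (result set, statement, connection).
     * <p>
     * Every close is attempted on its own, so a failure closing the result set no longer
     * prevents the statement and connection from being closed.
     *
     * @param conn      connection to close, may be {@code null}
     * @param stmt      statement to close, may be {@code null}
     * @param resultSet result set to close, may be {@code null}
     */
    private void closeConnection(Connection conn, Statement stmt, ResultSet resultSet) {
        closeQuietly(resultSet);
        closeQuietly(stmt);
        closeQuietly(conn);
    }

    /**
     * Closes one resource, reporting (not propagating) any failure.
     *
     * @param resource resource to close; ignored when {@code null}
     */
    private static void closeQuietly(AutoCloseable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Runs a SELECT and prints the {@code id} and {@code userName} of every row.
     * <p>
     * The statement text is executed exactly as given, so it must be a fixed, trusted
     * string; anything that incorporates user input belongs in a
     * {@link java.sql.PreparedStatement} with {@code ?} placeholders instead.
     *
     * @param sql the SELECT statement to run
     */
    public void query(String sql) {
        Connection conn = null;
        Statement stmt = null;
        ResultSet resultSet = null;
        try {
            conn = getConnection();
            stmt = conn.createStatement();
            resultSet = stmt.executeQuery(sql);
            // Print every row of the result set.
            while (resultSet.next()) {
                String id = resultSet.getString("id");
                String userName = resultSet.getString("userName");
                System.out.println("查詢結果:id:" + id + "," + "userName:" + userName);
            }
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            // Reverse-order close; tolerates whichever resources were actually opened.
            closeConnection(conn, stmt, resultSet);
        }
    }

    /**
     * Runs an INSERT, UPDATE or DELETE and prints the number of affected rows.
     * <p>
     * As with {@link #query(String)}, the statement is executed verbatim and must not be
     * assembled from untrusted input.
     *
     * @param sql the data-modifying statement to run
     */
    public void insertDeleteUpdate(String sql) {
        Connection conn = null;
        Statement stmt = null;
        try {
            conn = getConnection();
            stmt = conn.createStatement();
            // executeUpdate returns the affected row count.
            int result = stmt.executeUpdate(sql);
            System.out.println("執行結果:" + result);
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            // No result set for update statements.
            closeConnection(conn, stmt, null);
        }
    }

    /**
     * Demo entry point: runs a select, an insert, an update and a delete against the
     * {@code user} table using fixed statements.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        String sql = "select * from user";
        String insertSql = "insert into user (id,userName) values('123','cuizx')";
        String updateSql = "update user set userName ='更新後' where id ='123'";
        String deleteSql = "delete from user where id ='123'";
        DBConnect dbConnect = new DBConnect();
        dbConnect.query(sql);
        dbConnect.insertDeleteUpdate(insertSql);
        dbConnect.insertDeleteUpdate(updateSql);
        dbConnect.insertDeleteUpdate(deleteSql);
    }
}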
Statement和PreparedStatement
上面jdbc連接數據庫代碼中使用的是Statement,接下來說一下PreparedStatement
- PreparedStatement是Statement的子接口(繼承自Statement)
- 預編譯執行計劃,Statement每次執行都需要重新編譯解析執行,這樣的做法大部分時間開銷很大;PreparedStatement先將sql給編譯好,預編譯的結果會被緩存在數據庫中,當下次相同的sql執行的時候,便不用再次編譯,數據庫只需要解析並執行就可以了,減少了開銷,優化了性能。
- Statement採用sql拼接的方式來生成最終要執行的sql,這樣的寫法比較複雜,也不容易維護;PreparedStatement採用佔位符的方式來設置入參,可規定入參數據類型,sql可讀性、可維護性提高
- Statement以字符串拼接生成sql,存在sql注入風險:若入參來自用戶輸入,攻擊者可在查詢條件後附加 or 1=1 之類的內容,使查詢返回全部數據,或使delete語句刪除表中所有數據;PreparedStatement則先把帶佔位符的sql語句交給數據庫預編譯,之後通過setXxx綁定的入參只作為值處理,不會再被當作sql語法解析。以上面的例子來說,入參 1 or 1=1 會被整體當作字符串值 '1 or 1=1' 與id比較,語句結構不變,注入因此失效。需要注意的是,這一保護只對通過佔位符綁定的值有效;若仍把用戶輸入直接拼接進sql字符串(例如表名、列名或排序字段),PreparedStatement同樣無法防護。
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.PreparedStatement;
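public class PreparedStatementJDBCConncect {
    /** MySQL JDBC connection URL. */
    private static final String URL = "jdbc:mysql://127.0.0.1:3306/mytest";
    /** Database account name. */
    private static final String NAME = "root";
    /** Database password (sample only; real code should load it from configuration). */
    private static final String PASSWORD = "123456";

    /**
     * Looks up the user with id {@code "1"} through a parameterised query and prints each row.
     * <p>
     * The id is bound with {@link PreparedStatement#setString}, so it travels as a value and
     * cannot change the structure of the statement. Connection, statement and result set are
     * opened with try-with-resources and are therefore closed in reverse order even when an
     * exception is thrown — the original version never closed them at all.
     */
    public void preparedStatementExcute() {
        String sql = "select * from user where id = ?";
        try {
            // Explicitly load the driver class; JDBC 4 drivers also self-register.
            Class.forName("com.mysql.jdbc.Driver");
            try (Connection conn = DriverManager.getConnection(URL, NAME, PASSWORD);
                 PreparedStatement preparedStatement = conn.prepareStatement(sql)) {
                // Placeholder index is 1-based in JDBC.
                preparedStatement.setString(1, "1");
                try (ResultSet resultSet = preparedStatement.executeQuery()) {
                    while (resultSet.next()) {
                        String id = resultSet.getString("id");
                        String userName = resultSet.getString("userName");
                        System.out.println("id:" + id + ",userName:" + userName);
                    }
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Demo entry point.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        PreparedStatementJDBCConncect preparedStatementJDBCConncect = new PreparedStatementJDBCConncect();
        preparedStatementJDBCConncect.preparedStatementExcute();
    }
}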