1. Download the jar
Jar download address: jar download official site
Note: download the most widely used version, not one with a suffix in its name.
Step 1:
Step 2:
Step 3:
2. Import the jar into Eclipse
Step 1: after downloading, create a lib folder in the project
Step 2: copy the jar file into the lib folder
When the project looks like this picture (screenshot in the original), the import succeeded
3. Connect to MySQL and implement insert, delete, update and query
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class Demo01 {
    public static void main(String[] args) {
        Connection conn = null;
        try {
            //1. Load the MySQL driver class com.mysql.jdbc.Driver
            //   (Connector/J 5.x class name; Connector/J 8.x renames it com.mysql.cj.jdbc.Driver)
            //Class.forName: loads the driver class into memory so it registers itself with DriverManager
            Class.forName("com.mysql.jdbc.Driver");//required before JDBC 4.0 (Java 6); drivers are auto-loaded since, but keeping the line is harmless
            //2. Obtain the database connection object
            //What a connection needs: host, port, database, user, password
            String url = "jdbc:mysql://localhost:3306/ishopn?characterEncoding=utf8";
            String user = "root";
            String password = "123456";//demo credentials; real code reads them from configuration, not from source
            conn = DriverManager.getConnection(url, user, password);
            //3. Perform the database operations
            //3.1 Write the SQL statements
            //insert
            String insert_sql = "insert into commoditytype (ct_id,ct_name) values (8,'電腦配件')";
            //delete
            String delete_sql = "delete from commoditytype where ct_id = 8";
            //update
            String update_sql = "update commoditytype set ct_name='電腦配件' where ct_id=7";
            //query
            String query_sql = "select * from customer";
            //3.2 Obtain the execution object
            Statement state = conn.createStatement();
            //executeUpdate() returns an int: the number of affected rows
            // int s = state.executeUpdate(insert_sql);
            // int s = state.executeUpdate(delete_sql);
            // int s = state.executeUpdate(update_sql);
            // System.out.println(s);
            //executeQuery() returns a ResultSet (the result set)
            ResultSet rs = state.executeQuery(query_sql);
            while(rs.next()) {
                /**
                 * 1. rs.getString("cu_id") and rs.getString(1) return the same value when cu_id is the first column
                 * 2. getString() returns null when the column is SQL NULL
                 * 3. rs.getInt() returns 0 when the column is SQL NULL; call rs.wasNull() right after the read
                 *    to tell a NULL from a stored 0
                 */
                // String cu_id = rs.getString(1); //column indexes start at 1
                // String cu_name = rs.getString(2);
                // String cu_phone = rs.getString(3);
                // int cu_gender = rs.getInt(4);
                // String cu_address = rs.getString(5);
                //Iterate over every row of the result set and read that row's fields
                //Read by column name
                String cu_id = rs.getString("cu_id");
                String cu_name = rs.getString("cu_name");
                String cu_phone = rs.getString("cu_phone");
                int cu_gender = rs.getInt("cu_gender");
                String cu_address = rs.getString("cu_address");
                System.out.print(cu_id+":"+cu_name+"|"+cu_phone+"|"+cu_gender+"|"+cu_address);
                System.out.println();
            }
        } catch (Exception e) {
            e.printStackTrace();
        }finally {
            //Closing the Connection also releases the Statement and ResultSet created from it
            if(conn != null) {
                try {
                    conn.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
        }
    }
}
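The snippet above closes only the Connection and reads cu_gender with getInt(), which cannot distinguish a SQL NULL from a stored 0. The following version is an added example, not code from the original page: it reads the same customer table with try-with-resources (Java 7+) so the Statement and ResultSet are released even when an exception is thrown, names the columns instead of using select *, and uses ResultSet.wasNull() to keep NULL genders as null. It assumes the page's MySQL instance, the ishopn database, the customer table and its column names; the CustomerQuery class, the Customer record type and the loadCustomers method are introduced here.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

public class CustomerQuery {

    /** One row of the customer table; gender is null when the column was SQL NULL. */
    public static final class Customer {
        public final String id;
        public final String name;
        public final String phone;
        public final Integer gender;
        public final String address;

        Customer(String id, String name, String phone, Integer gender, String address) {
            this.id = id;
            this.name = name;
            this.phone = phone;
            this.gender = gender;
            this.address = address;
        }

        @Override
        public String toString() {
            return id + ":" + name + "|" + phone + "|" + gender + "|" + address;
        }
    }

    /** Reads every customer. The caller owns the Connection and closes it. */
    public static List<Customer> loadCustomers(Connection conn) throws SQLException {
        // Explicit column list: the code no longer breaks if the table gains or reorders columns.
        String sql = "select cu_id, cu_name, cu_phone, cu_gender, cu_address from customer";
        List<Customer> out = new ArrayList<>();
        // Statement and ResultSet are closed in reverse order when the block exits, even on exception.
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            while (rs.next()) {
                int g = rs.getInt("cu_gender");          // returns 0 for both NULL and a stored 0 ...
                Integer gender = rs.wasNull() ? null : g; // ... so wasNull() must be asked right after the read
                out.add(new Customer(
                        rs.getString("cu_id"),
                        rs.getString("cu_name"),
                        rs.getString("cu_phone"),
                        gender,
                        rs.getString("cu_address")));
            }
        }
        return out;
    }

    public static void main(String[] args) throws SQLException {
        // Same connection details as the page (assumed); credentials belong in configuration in real code.
        String url = "jdbc:mysql://localhost:3306/ishopn?characterEncoding=utf8";
        try (Connection conn = DriverManager.getConnection(url, "root", "123456")) {
            for (Customer c : loadCustomers(conn)) {
                System.out.println(c);
            }
        }
    }
}
```

Keeping the query in a method that takes a Connection and returns plain objects separates database access from printing, which is also what makes the method testable against a test database without a main.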
4. SQL injection attack
Normal login through user input:
Login using a SQL injection attack
Core payload: String cu_name = "' or 1=1 #"; whatever the phone number is, the login succeeds.
Why it works: the Statement version concatenates the input into the SQL text, so the server receives select count(*) from customer where cu_name='' or 1=1 #' and cu_phone='...'. In MySQL, # starts a comment, so the phone condition is thrown away, and or 1=1 is true for every row; count(*) is greater than zero and the check passes.
Note: this is not an obsolete technique. The vulnerability class has been known for well over a decade, but SQL built by string concatenation is still common and SQL injection remains one of the most frequent web vulnerabilities; the fix is the PreparedStatement shown in the next section.
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Scanner;

public class Demo02 {
    public static void main(String[] args) {
        Connection conn = null;
        try {
            Class.forName("com.mysql.jdbc.Driver");
            //Create the database connection
            String url = "jdbc:mysql://localhost:3306/ishopn?characterEncoding=utf8";
            String user = "root";
            String password = "123456";
            conn = DriverManager.getConnection(url, user, password);
            /**
             * SQL injection attack: uncomment these two lines (and remove the Scanner input below) to reproduce it.
             * scan.next() stops at whitespace, so the payload cannot simply be typed at the prompt.
             */
            // String cu_name = "' or 1=1 #";
            // String cu_phone = "dadada";
            /**
             * Login from user input
             */
            Scanner scan = new Scanner(System.in);
            System.out.println("Enter your name:");
            String cu_name = scan.next();
            System.out.println("Enter your phone number:");
            String cu_phone = scan.next();
            //VULNERABLE (kept deliberately to demonstrate the attack): user input is concatenated straight into the SQL text
            String sql = "select count(*) from customer where cu_name='"+cu_name+"' and cu_phone='"+cu_phone+"'";
            Statement state = conn.createStatement();
            ResultSet rs = state.executeQuery(sql);
            rs.next();//count(*) always yields exactly one row
            int s = rs.getInt(1);
            if(s>0) {
                System.out.println("Login succeeded!");
            }else {
                System.out.println("Wrong username or phone number!");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }finally {
            if(conn != null) {
                try {
                    conn.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
        }
    }
}
5. Common PreparedStatement methods
A brief look at the difference between PreparedStatement and Statement:
- Which one to choose depends on what the SQL contains, not only on how often it runs. Statement is acceptable only for fixed SQL text with no external input (for example a DDL script). Any statement that carries user-supplied values should be a PreparedStatement even if it is executed once, and PreparedStatement is also the better choice for SQL that is executed many times.
- PreparedStatement: the database can precompile the SQL, so later executions of the same statement skip parsing and reuse the cached plan, which improves access efficiency (pass the parameters through ? placeholders). Caveat: MySQL Connector/J emulates prepared statements on the client by default (useServerPrepStmts=false), escaping the bound values and sending a complete statement; server-side preparation is enabled with useServerPrepStmts=true. Both modes bind values safely.
- From the security standpoint, PreparedStatement passes parameters through ?, so the values are never spliced into the SQL text and injection through them is avoided. PreparedStatement is the recommended choice. Caveat: ? can only bind values. Table names, column names and the ASC/DESC of an ORDER BY cannot be parameterized; if those come from outside, check them against a fixed whitelist before building the statement.
- A PreparedStatement object not only holds the SQL statement but in most cases has already been precompiled, so at execution time the DBMS only has to run it rather than compile it first.
For a deeper look at the difference between the two:
this blog post is recommended: usage and explanation of Statement and PreparedStatement
Note: the '"+cu_name+"' fragment of the concatenated SQL can be replaced by ?
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class Demo03 {
    public static void main(String[] args) {
        Connection conn = null;
        try {
            Class.forName("com.mysql.jdbc.Driver");
            String url = "jdbc:mysql://localhost:3306/ishopn?characterEncoding=utf8";
            String user = "root";
            String password = "123456";
            conn = DriverManager.getConnection(url, user, password);
            /*
             * The login check of section 4, fixed: the values travel as bound parameters, not as SQL text
             * String cu_name = "劉德華";
             * String cu_phone = "9999";
             * String sql = "select count(*) from customer where cu_name=? and cu_phone=?";
             * PreparedStatement ps = conn.prepareStatement(sql);
             * ps.setString(1, cu_name);
             * ps.setString(2, cu_phone);
             *
             * ResultSet rs = ps.executeQuery(); rs.next();
             * System.out.println(rs.getInt(1));
             */
            String cu_id = "2a4e0cdd-380e-41bf-960f-f2f6d0a6ccae";
            String cu_phone = "9999";
            String sql = "update customer set cu_phone=? where cu_id=?";
            //Obtain the execution object with prepareStatement(sql); the SQL text is fixed here, the values are bound afterwards
            PreparedStatement ps = conn.prepareStatement(sql);
            //Note: parameterIndex in ps.setString(parameterIndex, x) is 1-based and follows the order of the ? placeholders in the SQL above
            ps.setString(1, cu_phone);
            ps.setString(2, cu_id);
            int line = ps.executeUpdate();//number of rows updated
            System.out.println(line);
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (conn != null) {
                try {
                    conn.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
        }
    }
}
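Sections 4 and 5 side by side: the concatenated login query and its PreparedStatement replacement, as an added example that is not code from the original page. concatenatedSql keeps the page's vulnerable construction as a pure function so the SQL text the server would receive can be inspected without ever executing it; login is the hardened check. The connection details, the customer table and the sample user 劉德華 / 9999 come from the page; the class name LoginCheck and the methods concatenatedSql and login are introduced here.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginCheck {

    /**
     * The page's vulnerable construction, kept as a pure function so the resulting
     * SQL text can be inspected. Never execute its result with user input.
     */
    static String concatenatedSql(String name, String phone) {
        return "select count(*) from customer where cu_name='" + name
                + "' and cu_phone='" + phone + "'";
    }

    /**
     * Hardened form: the SQL text is fixed at compile time; name and phone travel
     * as bound values, so a quote or '#' inside them cannot change the statement.
     */
    public static boolean login(Connection conn, String name, String phone) throws SQLException {
        String sql = "select count(*) from customer where cu_name=? and cu_phone=?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            ps.setString(2, phone);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();                 // count(*) always returns exactly one row
                return rs.getInt(1) > 0;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        String payload = "' or 1=1 #";    // the injection string from section 4

        // 1. What the Statement version would send to MySQL: the '#' turns the rest into a comment.
        System.out.println("concatenated: " + concatenatedSql(payload, "dadada"));

        // 2. The same payload through the PreparedStatement version is compared as a plain value.
        // Connection details assumed from the page; credentials belong in configuration in real code.
        String url = "jdbc:mysql://localhost:3306/ishopn?characterEncoding=utf8";
        try (Connection conn = DriverManager.getConnection(url, "root", "123456")) {
            System.out.println("payload as name: "
                    + (login(conn, payload, "dadada") ? "logged in" : "rejected"));
            System.out.println("real user:       "
                    + (login(conn, "劉德華", "9999") ? "logged in" : "rejected"));
        }
    }
}
```

With the payload as the name, concatenatedSql returns select count(*) from customer where cu_name='' or 1=1 #' and cu_phone='dadada', and everything after # is a MySQL comment. Passed to login, the same string is bound as a value, so MySQL compares cu_name against the literal text ' or 1=1 # and the count is 0 unless a customer really has that name.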