JDBC
什麼是JDBC?爲什麼使用JDBC
1)SUN公司爲使Java程序靈活的訪問各種不同的關係型數據庫提供的規則。
2)爲什麼使用JDBC?
a)降低Java程序操作數據庫的成本
b)使Java程序靈活移植
*9 詳解JDBC連接數據庫的各個步驟
1)註冊驅動:DriverManager.registerDriver(new com.mysql.jdbc.Driver());
java.sql.Driver(接口)-com.mysql.jdbc.Driver(實現類)
(首先返回true)boolean acceptsURL(String url)
查詢驅動程序是否認爲它可以打開到給定 URL 的連接。
(然後)Connection connect(String url, Properties info)
試圖創建一個到給定 URL 的數據庫連接。
注意:上述代碼會向DriverManager註冊二次相同的MySQL驅動,其中一次在Driver實現類中
項目中推薦使用以下代碼間接註冊數據庫驅動:
Class.forName("com.mysql.jdbc.Driver");
優點:
a)只註冊一次
b)無需導入與具體數據庫驅動相關的包
2)獲取數據庫連接對象:
Connection conn = DriverManager.getConnection(
"jdbc:mysql://127.0.0.1:3306/mydb2","root","root");
3)關閉流
a)依次按ResultSet->Statement->Connection順序關閉
b)在能完成業務的情況下,儘早關閉
*10 JDBC的六個固定步驟
1,註冊數據庫驅動[利用反射]
2,取得數據庫連接對象Connection
3,創建SQL對象
4,執行SQL命令,並返回結果集
5,處理結果集
6,依次關閉結果集
*11 使用JDBC完成CURD操作
insert/update/delete----Statement.executeUpdate(sql):返回值表示影響記錄的行數
select------------------Statement.executeQuery():返回值表示符合條件的記錄
create------------------ ?
drop-------------------- ?
sql腳本
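-- Table used by the CRUD examples on this page.
-- The column definitions are restored to "name type" form; the listing had the
-- two tokens run together (idint, namevarchar), which is not valid SQL.
create table user(
    id int primary key auto_increment,
    name varchar(20),
    gender varchar(6),
    salary float
);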
sql表腳本:
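-- Table used by the CRUD examples on this page.
-- The column definitions are restored to "name type" form; the listing had the
-- two tokens run together (idint, namevarchar), which is not valid SQL.
create table user(
    id int primary key auto_increment,
    name varchar(20),
    gender varchar(6),
    salary float
);

-- Sample rows. 'soso' has a NULL salary, so it is the row matched by the
-- "delete from user where salary IS NULL" example.
insert into user(name,gender,salary) values('jack','male',4000);
insert into user(name,gender,salary) values('marry','female',5000);
insert into user(name,gender,salary) values('jim','male',6000);
insert into user(name,gender,salary) values('tom','male',7000);
insert into user(name,gender,salary) values('soso','female',NULL);
insert into user(name,gender,salary) values('haha','female',3500);
insert into user(name,gender,salary) values('hehe','female',4500);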
利用db.properties屬性文件配置數據庫連接信息
# db.properties: JDBC connection settings, read from the classpath by JdbcUtil.
# NOTE(review): the root/root account below is only suitable for a local practice
# database. For anything else, use a dedicated account with the minimum privileges
# the application needs, and keep the file with the real password out of version control.
driver = com.mysql.jdbc.Driver
url = jdbc:mysql://127.0.0.1:3306/mydb2
user = root
password = root
JdbcUtil工具類
package cn.itcast.web.jdbc;
import java.io.InputStream;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Properties;
import org.junit.Test;
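/**
 * JDBC helper for the tutorial: reads the connection settings once, registers the
 * driver, hands out connections and closes JDBC resources.
 *
 * <p>Security notes: db.properties carries the database user name and password in
 * clear text, so keep the real file out of version control and give the account
 * only the privileges the application needs. Failures are reported with
 * printStackTrace(), which is acceptable on a developer console only; a deployed
 * application should route them to its logger instead.
 */
public final class JdbcUtil {
    // Classpath location of the settings file.
    private static final String CONFIG_PATH = "cn/itcast/web/jdbc/db.properties";

    private static String driver;
    private static String url;
    private static String user;
    private static String password;

    // Static block: load the settings file through the class loader.
    static {
        Properties props = new Properties();
        // JdbcUtil's own class loader is used, so the helper no longer depends on
        // Demo3, a class that is not part of this listing. try-with-resources
        // closes the stream, which was previously left open.
        try (InputStream is = JdbcUtil.class.getClassLoader().getResourceAsStream(CONFIG_PATH)) {
            if (is == null) {
                // getResourceAsStream returns null when the file is missing;
                // say so instead of failing with a bare NullPointerException.
                System.err.println(CONFIG_PATH + " not found on the classpath");
            } else {
                props.load(is);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        driver = props.getProperty("driver");
        url = props.getProperty("url");
        user = props.getProperty("user");
        password = props.getProperty("password");
    }

    // Static block: register the driver by loading its class (reflection).
    static {
        try {
            Class.forName(driver);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Opens a connection with the settings from db.properties.
     *
     * @return the connection, or {@code null} when it could not be opened (the
     *         cause is printed); callers must be prepared for {@code null}
     */
    public static Connection getMySqlConnection() {
        Connection conn = null;
        try {
            conn = DriverManager.getConnection(url, user, password);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return conn;
    }

    /** Closes the result set if it is not {@code null}; a failure is printed, not thrown. */
    public static void close(ResultSet rs) {
        if (rs != null) {
            try {
                rs.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

    /** Closes the statement if it is not {@code null}; a failure is printed, not thrown. */
    public static void close(Statement stmt) {
        if (stmt != null) {
            try {
                stmt.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

    /** Closes the connection if it is not {@code null}; a failure is printed, not thrown. */
    public static void close(Connection conn) {
        if (conn != null) {
            try {
                conn.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

    /**
     * Smoke test for the connection settings.
     *
     * <p>getMySqlConnection() reports failure by returning {@code null} rather than
     * by throwing, so the result is checked explicitly; a try/catch around the call
     * would always report success. The connection is closed afterwards.
     */
    @Test
    public void test() {
        Connection conn = JdbcUtil.getMySqlConnection();
        try {
            System.out.println(conn != null ? "數據庫連接成功" : "數據庫連接失敗");
        } finally {
            JdbcUtil.close(conn);
        }
    }
}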
Statement CURD
package cn.itcast.web.jdbc;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;
import org.junit.Test;
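/**
 * CRUD operations with a plain java.sql.Statement.
 *
 * <p>Every statement here except {@link #read(String)} is a fixed SQL literal.
 * read(String) builds its SQL by string concatenation and is kept as the
 * injectable counter-example that the PreparedStatement version of this class,
 * shown later on the page, replaces.
 */
public class Crud {
    /** Inserts one fixed row. */
    @Test
    public void create() {
        runUpdate("insert into user(name,gender,salary) values('絲絲','女',3000)");
    }

    /** Prints name and gender of every male user. */
    @Test
    public void read() {
        Connection conn = null;
        Statement stmt = null;
        ResultSet rs = null;
        String sql = "select * from user where gender='male'";
        try {
            conn = JdbcUtil.getMySqlConnection();
            stmt = conn.createStatement();
            rs = stmt.executeQuery(sql);
            while (rs.next()) {
                String name = rs.getString("name");
                String gender = rs.getString("gender");
                System.out.println(name + ":" + gender);
            }
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println("讀取失敗");
        } finally {
            // Close in reverse order of creation: result set, statement, connection.
            JdbcUtil.close(rs);
            JdbcUtil.close(stmt);
            JdbcUtil.close(conn);
        }
    }

    /** Sets the gender of the row with id 8. */
    @Test
    public void update() {
        runUpdate("update user set gender='female' where id = 8");
    }

    /** Deletes the rows whose salary is NULL. */
    @Test
    public void delete() {
        runUpdate("delete from user where salary IS NULL");
    }

    /**
     * Prints name and gender of the users with the given name.
     *
     * <p>INSECURE ON PURPOSE: {@code name} is concatenated into the SQL text, so
     * quote characters in it are parsed as SQL and can change the WHERE clause
     * (the commented-out call in main is such an input). Never build SQL this way
     * from data that comes from users; bind the value through a PreparedStatement
     * {@code ?} placeholder instead.
     *
     * <p>This method carries no {@code @Test} annotation: JUnit 4 rejects test
     * methods that take parameters.
     *
     * @param name the user name to look up
     */
    public void read(String name) {
        Connection conn = null;
        Statement stmt = null;
        ResultSet rs = null;
        String sql = "select * from user where name='" + name + "'";
        // Printing the statement makes the effect of the concatenation visible.
        System.out.println("sql=" + sql);
        try {
            conn = JdbcUtil.getMySqlConnection();
            stmt = conn.createStatement();
            rs = stmt.executeQuery(sql);
            while (rs.next()) {
                String rowName = rs.getString("name");
                String gender = rs.getString("gender");
                System.out.println(rowName + ":" + gender);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            JdbcUtil.close(rs);
            JdbcUtil.close(stmt);
            JdbcUtil.close(conn);
        }
    }

    /**
     * Not implemented in this listing.
     *
     * <p>NOTE(review): a table name cannot be bound as a {@code ?} parameter, so an
     * implementation has to check {@code tableName} against a fixed allow-list
     * before placing it in a DDL statement.
     */
    public void createTable(String tableName) {
    }

    /**
     * Not implemented in this listing; the allow-list note on createTable applies
     * to {@code tableName} here as well.
     */
    public void dropTable(String tableName) {
    }

    public static void main(String[] args) {
        Crud crud = new Crud();
        // Input that shows why read(String) is injectable; left disabled.
        //crud.read("'or true or' ");
        crud.createTable("system");
        crud.dropTable("system");
        crud.read("絲絲");
        crud.create();
        crud.delete();
        crud.update();
        crud.read();
    }

    // Runs one fixed insert/update/delete statement and prints whether any row was
    // affected. Shared by create(), update() and delete(), which differ only in
    // their SQL text; no ResultSet is involved, so none is declared or closed.
    private void runUpdate(String sql) {
        Connection conn = null;
        Statement stmt = null;
        try {
            conn = JdbcUtil.getMySqlConnection();
            stmt = conn.createStatement();
            int affected = stmt.executeUpdate(sql);
            System.out.println(affected > 0 ? "成功" : "失敗");
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            JdbcUtil.close(stmt);
            JdbcUtil.close(conn);
        }
    }
}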
防止sql注入
1 Statement和PreparedStatement的特點
a)對於創建和刪除表或數據庫,我們可以使用executeUpdate(),該方法返回0,表示未影響表中任何記錄
b)對於創建和刪除表或數據庫,我們也可以使用execute(),該方法返回false,表示執行結果不是結果集(ResultSet)
c)execute()除了select操作返回true之外,其它的操作都返回false
d)PreparedStatement有如下的特點:
>>解決SQL注入問題:綁定的參數值只會被當作數據處理,不會被解析成SQL語法;但?只能代替值,表名、列名等標識符無法綁定,需另行用白名單校驗
>>在發送相同結構的SQL時,較Statement效率有所提升
>>使用?佔位符替代真實的綁定值
>>項目中,優先使用PreparedStatement
使用PreparedStatement完成CURD
User Bean:
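/**
 * Plain JavaBean describing a user: private fields with a getter and a setter
 * each, and a public no-argument constructor.
 *
 * <p>The keywords and names are separated again; the listing had them run
 * together (privateintid, returnid, publicvoid), which does not compile.
 */
public class User {
    private int id;
    private String username;
    // NOTE(review): held here as a plain String; the page does not show how the
    // value is persisted. If it is stored, store a salted password hash
    // (bcrypt/scrypt/argon2), not the clear text; confirm against the DAO.
    private String password;
    private java.util.Date birthday;
    private float salary;

    public User() {}

    public int getId() {
        return id;
    }

    public void setId(int id) {
        this.id = id;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public java.util.Date getBirthday() {
        return birthday;
    }

    public void setBirthday(java.util.Date birthday) {
        this.birthday = birthday;
    }

    public float getSalary() {
        return salary;
    }

    public void setSalary(float salary) {
        this.salary = salary;
    }
}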
curd:
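/**
 * CRUD operations with PreparedStatement: every value that varies is bound to a
 * {@code ?} placeholder instead of being concatenated into the SQL text.
 */
public class Crud {
    /**
     * Inserts one user row.
     *
     * @param name   value for the name column
     * @param gender value for the gender column
     * @param salary value for the salary column
     */
    public void create(String name, String gender, float salary) {
        Connection conn = null;
        PreparedStatement pstmt = null;
        // "insert into user": the listing had the two words run together
        // ("intouser"), which the database would reject as a syntax error.
        String sql = "insert into user(name,gender,salary) values(?,?,?)";
        try {
            conn = JdbcUtil.getMySqlConnection();
            pstmt = conn.prepareStatement(sql);
            // Placeholders are numbered from 1, left to right.
            pstmt.setString(1, name);
            pstmt.setString(2, gender);
            pstmt.setFloat(3, salary);
            pstmt.executeUpdate();
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // No ResultSet is produced by an insert, so there is none to close.
            JdbcUtil.close(pstmt);
            JdbcUtil.close(conn);
        }
    }

    /**
     * Prints name and gender of the users with the given name.
     *
     * @param name the user name to look up; bound as a parameter, so quote
     *             characters in it stay part of the value
     */
    public void read(String name) {
        Connection conn = null;
        PreparedStatement pstmt = null;
        ResultSet rs = null;
        // The varying value is represented by a ? placeholder in the SQL text.
        String sql = "select *from user where name = ?";
        try {
            conn = JdbcUtil.getMySqlConnection();
            pstmt = conn.prepareStatement(sql);
            // setXxx() binds the value to the placeholder. The value is handled as
            // data only and is never parsed as SQL, which is what prevents
            // injection.
            pstmt.setString(1, name);
            rs = pstmt.executeQuery();
            while (rs.next()) {
                String rowName = rs.getString("name");
                String gender = rs.getString("gender");
                System.out.println(rowName + ":" + gender);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            JdbcUtil.close(rs);
            // Polymorphism: a PreparedStatement is a Statement, so this call
            // resolves to JdbcUtil.close(Statement).
            JdbcUtil.close(pstmt);
            JdbcUtil.close(conn);
        }
    }

    public static void main(String[] args) {
        Crud crud = new Crud();
        // With the parameter bound, this input is only compared to the name
        // column as a literal string; left disabled as in the listing.
        //crud.read(" 'or true or' ");
        //crud.create("tim","male",5000);
    }
}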