JDBC
什么是JDBC?为什么使用JDBC
1)SUN公司为使Java程序灵活的访问各种不同的关系型数据库提供的规则。
2)为什么使用JDBC?
a)降低Java程序操作数据库的成本
b)使Java程序灵活移植
*9 详解JDBC连接数据库的各个步骤
1)注册驱动:DriverManager.registerDriver(new com.mysql.jdbc.Driver());
java.sql.Driver(接口)-com.mysql.jdbc.Driver(实现类)
(首先返回true)boolean acceptsURL(String url)
查询驱动程序是否认为它可以打开到给定 URL 的连接。
(然后)Connection connect(String url, Properties info)
试图创建一个到给定 URL 的数据库连接。
注意:上述代码会向DriverManager注册两次相同的MySQL驱动,其中一次在Driver实现类中
项目中推荐使用以下代码间接注册数据库驱动:
Class.forName("com.mysql.jdbc.Driver");
优点:
a)只注册一次
b)无需导入与具体数据库驱动相关的包
2)获取数据库连接对象:
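// Step 2: open a connection to the local demo database "mydb2".
// The literal "root"/"root" credentials are for a throw-away tutorial database only;
// a real application should read them from configuration kept out of version control
// and connect with a dedicated least-privilege account rather than root.
Connection conn = DriverManager.getConnection(
        "jdbc:mysql://127.0.0.1:3306/mydb2", "root", "root");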
3)关闭流
a)依次按ResultSet->Statement->Connection顺序关闭
b)在能完成业务的情况下,尽早关闭
*10 JDBC的六个固定步骤
1,注册数据库驱动[利用反射]
2,取得数据库连接对象Connection
3,创建SQL对象
4,执行SQL命令,并返回结果集
5,处理结果集
6,依次关闭结果集、SQL对象和连接对象
*11 使用JDBC完成CURD操作
insert/update/delete----Statement.executeUpdate(sql):返回值表示影响记录的行数
select------------------Statement.executeQuery(sql):返回值表示符合条件的记录
create------------------ ?
drop-------------------- ?
sql脚本
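-- Demo table used by the JDBC examples on this page.
create table user(
  id int primary key auto_increment,
  name varchar(20),
  gender varchar(6),
  -- NOTE(review): float is an approximate type; acceptable for a demo, but an exact
  -- type such as decimal is the usual choice for money.
  salary float
);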
sql表脚本:
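-- Demo table plus seed rows used by the JDBC examples on this page.
create table user(
  id int primary key auto_increment,
  name varchar(20),
  gender varchar(6),
  salary float
);

insert into user(name,gender,salary) values('jack','male',4000);
insert into user(name,gender,salary) values('marry','female',5000);
insert into user(name,gender,salary) values('jim','male',6000);
insert into user(name,gender,salary) values('tom','male',7000);
-- This row has no salary; the Statement-based delete() example removes rows where salary IS NULL.
insert into user(name,gender,salary) values('soso','female',NULL);
insert into user(name,gender,salary) values('haha','female',3500);
insert into user(name,gender,salary) values('hehe','female',4500);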
利用db.properties属性文件配置数据库连接信息
# db.properties: connection settings that JdbcUtil loads from the classpath
# (cn/itcast/web/jdbc/db.properties).
driver = com.mysql.jdbc.Driver
url = jdbc:mysql://127.0.0.1:3306/mydb2
# Demo credentials only. Outside a local tutorial database, connect with a
# dedicated least-privilege account instead of root, and keep the real
# password out of version control.
user = root
password = root
JdbcUtil工具类
package cn.itcast.web.jdbc;
import java.io.InputStream;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Properties;
import org.junit.Test;
//JDBC工具类:关闭流和取得连接
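/**
 * JDBC helper: loads the connection settings once, registers the driver, hands out
 * connections and closes JDBC resources without propagating close failures.
 *
 * <p>The credentials come from {@code db.properties} on the classpath. Keep that file out of
 * version control for anything but a local demo database, and configure a least-privilege
 * database account in it.
 *
 * <p>No private constructor is declared because the class also carries a JUnit smoke test,
 * and JUnit has to instantiate the class to run it.
 */
public final class JdbcUtil {
    /** Classpath location of the connection settings. */
    private static final String CONFIG_RESOURCE = "cn/itcast/web/jdbc/db.properties";

    // Connection settings, filled once by the first static initializer below.
    private static String driver;
    private static String url;
    private static String user;
    private static String password;

    // Static initializer: load the settings file through the class loader.
    static {
        Properties props = new Properties();
        // Resolved through this class's own loader, so the utility no longer depends on the
        // unrelated Demo3 class that the original listing used for the lookup.
        InputStream is = JdbcUtil.class.getClassLoader().getResourceAsStream(CONFIG_RESOURCE);
        if (is == null) {
            // getResourceAsStream returns null when the resource is missing; report that
            // directly instead of letting props.load(null) fail with a NullPointerException.
            System.err.println("db.properties not found on classpath: " + CONFIG_RESOURCE);
        } else {
            try {
                props.load(is);
            } catch (Exception e) {
                e.printStackTrace();
            } finally {
                // The original never closed the stream.
                try {
                    is.close();
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        }
        driver = props.getProperty("driver");
        url = props.getProperty("url");
        user = props.getProperty("user");
        password = props.getProperty("password");
    }

    // Static initializer: register the driver by loading its class reflectively.
    static {
        try {
            Class.forName(driver);
        } catch (Exception e) {
            // Also reached when "driver" is null because the settings could not be loaded.
            e.printStackTrace();
        }
    }

    /**
     * Opens a connection using the loaded settings.
     *
     * @return the connection, or {@code null} when it could not be opened (the failure is
     *         printed, not thrown), so callers must be prepared for {@code null}
     */
    public static Connection getMySqlConnection() {
        try {
            return DriverManager.getConnection(url, user, password);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Closes a result set; {@code null} is ignored and a close failure is only printed.
     *
     * @param rs the result set to close, may be {@code null}
     */
    public static void close(ResultSet rs) {
        if (rs == null) {
            return;
        }
        try {
            rs.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Closes a statement; {@code null} is ignored and a close failure is only printed.
     *
     * @param stmt the statement to close, may be {@code null}
     */
    public static void close(Statement stmt) {
        if (stmt == null) {
            return;
        }
        try {
            stmt.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Closes a connection; {@code null} is ignored and a close failure is only printed.
     *
     * @param conn the connection to close, may be {@code null}
     */
    public static void close(Connection conn) {
        if (conn == null) {
            return;
        }
        try {
            conn.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Smoke test for the connection settings.
     *
     * <p>getMySqlConnection() reports failure by returning {@code null} rather than throwing,
     * so the result is checked explicitly; the original printed the success message in that
     * case too. The connection is closed again so the test does not leak it.
     */
    @Test
    public void test() {
        Connection conn = JdbcUtil.getMySqlConnection();
        try {
            System.out.println(conn != null ? "数据库连接成功" : "数据库连接失败");
        } finally {
            JdbcUtil.close(conn);
        }
    }
}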
Statement CURD
package cn.itcast.web.jdbc;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;
import org.junit.Test;
//基于JDBC的CURD操作
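/**
 * CRUD examples built on a plain {@link Statement}.
 *
 * <p>The fixed-SQL methods are harmless. {@link #read(String)} is kept as the page's
 * deliberately vulnerable example of string-built SQL; the PreparedStatement-based Crud
 * later on this page is the version to copy.
 */
public class Crud {
    /** Inserts one fixed demo row and prints whether a row was affected. */
    @Test
    public void create() {
        runUpdate("insert into user(name,gender,salary) values('丝丝','女',3000)");
    }

    /** Prints name and gender of every row whose gender is 'male'. */
    @Test
    public void read() {
        Connection conn = null;
        Statement stmt = null;
        ResultSet rs = null;
        String sql = "select * from user where gender='male'";
        try {
            conn = JdbcUtil.getMySqlConnection();
            stmt = conn.createStatement();
            rs = stmt.executeQuery(sql);
            while (rs.next()) {
                String name = rs.getString("name");
                String gender = rs.getString("gender");
                System.out.println(name + ":" + gender);
            }
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println("读取失败");
        } finally {
            // Close in the order ResultSet -> Statement -> Connection.
            JdbcUtil.close(rs);
            JdbcUtil.close(stmt);
            JdbcUtil.close(conn);
        }
    }

    /** Sets the gender of the row with id 8 and prints whether a row was affected. */
    @Test
    public void update() {
        runUpdate("update user set gender='female' where id = 8");
    }

    /** Deletes the rows without a salary and prints whether a row was affected. */
    @Test
    public void delete() {
        runUpdate("delete from user where salary IS NULL");
    }

    /**
     * Prints name and gender of the rows whose name equals {@code name}.
     *
     * <p>WARNING: intentionally vulnerable demonstration. {@code name} is concatenated into
     * the SQL text, so a value containing a quote changes the structure of the statement
     * (SQL injection). Do not reuse this pattern; bind the value through a
     * PreparedStatement placeholder instead.
     *
     * <p>The original carried {@code @Test} here; it is removed because a JUnit 4 test
     * method must not take parameters, and the runner rejects the class otherwise.
     *
     * @param name the name to look up; spliced into the SQL unescaped
     */
    public void read(String name) {
        Connection conn = null;
        Statement stmt = null;
        ResultSet rs = null;
        String sql = "select * from user where name='" + name + "'";
        // Printing the final SQL makes the effect of a hostile value visible.
        System.out.println("sql=" + sql);
        try {
            conn = JdbcUtil.getMySqlConnection();
            stmt = conn.createStatement();
            rs = stmt.executeQuery(sql);
            // rs.next() advances the cursor and reports whether a row exists; testing
            // rs != null would not do that.
            while (rs.next()) {
                String rowName = rs.getString("name");
                String gender = rs.getString("gender");
                System.out.println(rowName + ":" + gender);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            JdbcUtil.close(rs);
            JdbcUtil.close(stmt);
            JdbcUtil.close(conn);
        }
    }

    /**
     * Placeholder left empty by the original listing.
     *
     * <p>NOTE(review): a table name cannot be bound as a PreparedStatement parameter, so an
     * implementation should accept only names from a fixed allow-list.
     *
     * @param tableName name of the table to create
     */
    public void createTable(String tableName) {
    }

    /**
     * Placeholder left empty by the original listing; the allow-list note on
     * {@link #createTable(String)} applies here as well.
     *
     * @param tableName name of the table to drop
     */
    public void dropTable(String tableName) {
    }

    /** Runs the examples in sequence against the demo database. */
    public static void main(String[] args) {
        Crud crud = new Crud();
        // Injection demonstration, disabled: with the concatenating read(String) this value
        // turns the WHERE clause into a condition that is always true.
        //crud.read("'or true or' ");
        crud.createTable("system");
        crud.dropTable("system");
        crud.read("丝丝");
        crud.create();
        crud.delete();
        crud.update();
        crud.read();
    }

    /**
     * Runs one fixed INSERT/UPDATE/DELETE statement and prints "成功" when at least one row
     * was affected, "失败" otherwise. Only call this with constant SQL.
     */
    private static void runUpdate(String sql) {
        Connection conn = null;
        Statement stmt = null;
        try {
            // getMySqlConnection() may return null; the resulting NullPointerException is
            // caught and printed below, as in the original.
            conn = JdbcUtil.getMySqlConnection();
            stmt = conn.createStatement();
            int affected = stmt.executeUpdate(sql);
            System.out.println(affected > 0 ? "成功" : "失败");
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            JdbcUtil.close(stmt);
            JdbcUtil.close(conn);
        }
    }
}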
防止sql注入
1 Statement和PreparedStatement的特点
a)对于创建和删除表或数据库,我们可以使用executeUpdate(),该方法返回0,表示未影响表中任何记录
b)对于创建和删除表或数据库,我们可以使用execute(),该方法返回false,表示创建和删除数据库表
c)除了select操作返回true之外,其它的操作都返回false
d)PreparedStatement有如下的特点:
>>解决SQL注入问题:通过setXxx()绑定的参数值始终作为数据处理,不会被当作SQL语句的一部分解析
>>在发送相同结构的SQL时,较Statement效率有所提升
>>使用?占位符替代真实的绑定值
>>项目中,优先使用PreparedStatement
使用PreparedStatement完成CURD
User Bean:
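/**
 * Plain JavaBean describing a user.
 *
 * <p>NOTE(review): the fields do not match the columns of the {@code user} table shown on
 * this page (name, gender, salary); confirm which schema this bean is meant for.
 */
public class User {
    private int id;
    private String username;
    // NOTE(review): if this value is ever persisted, store a salted password hash
    // (bcrypt/scrypt/argon2), not the plaintext password.
    private String password;
    private java.util.Date birthday;
    private float salary;

    /** Creates an empty bean; properties are set through the setters. */
    public User() {
    }

    /** @return the user id */
    public int getId() {
        return id;
    }

    /** @param id the user id */
    public void setId(int id) {
        this.id = id;
    }

    /** @return the user name, may be {@code null} */
    public String getUsername() {
        return username;
    }

    /** @param username the user name */
    public void setUsername(String username) {
        this.username = username;
    }

    /** @return the stored password value, may be {@code null} */
    public String getPassword() {
        return password;
    }

    /** @param password the password value to store */
    public void setPassword(String password) {
        this.password = password;
    }

    /**
     * @return a copy of the birthday, or {@code null} when none is set; java.util.Date is
     *         mutable, so the internal instance is never handed out
     */
    public java.util.Date getBirthday() {
        return birthday == null ? null : new java.util.Date(birthday.getTime());
    }

    /**
     * @param birthday the birthday, may be {@code null}; copied so that later changes to the
     *        caller's Date do not alter this bean
     */
    public void setBirthday(java.util.Date birthday) {
        this.birthday = birthday == null ? null : new java.util.Date(birthday.getTime());
    }

    /** @return the salary */
    public float getSalary() {
        return salary;
    }

    /** @param salary the salary */
    public void setSalary(float salary) {
        this.salary = salary;
    }
}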
curd:
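/**
 * CRUD examples built on {@link PreparedStatement}: every caller-supplied value is bound to
 * a {@code ?} placeholder instead of being concatenated into the SQL text.
 */
public class Crud {
    /**
     * Inserts one row into the user table.
     *
     * @param name   value for the name column
     * @param gender value for the gender column
     * @param salary value for the salary column
     */
    public void create(String name, String gender, float salary) {
        Connection conn = null;
        PreparedStatement pstmt = null;
        // The original literal read "insert intouser(...)", which is not valid SQL.
        String sql = "insert into user(name,gender,salary) values(?,?,?)";
        try {
            conn = JdbcUtil.getMySqlConnection();
            pstmt = conn.prepareStatement(sql);
            // Placeholders are numbered from 1, in the order they appear in the SQL.
            pstmt.setString(1, name);
            pstmt.setString(2, gender);
            pstmt.setFloat(3, salary);
            pstmt.executeUpdate();
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // close(Statement) accepts the PreparedStatement because it is a Statement subtype.
            JdbcUtil.close(pstmt);
            JdbcUtil.close(conn);
        }
    }

    /**
     * Prints name and gender of the rows whose name equals {@code name}.
     *
     * @param name the name to look up; bound as a parameter, never spliced into the SQL
     */
    public void read(String name) {
        Connection conn = null;
        PreparedStatement pstmt = null;
        ResultSet rs = null;
        // The value is represented by a placeholder in the SQL text.
        String sql = "select *from user where name = ?";
        try {
            conn = JdbcUtil.getMySqlConnection();
            pstmt = conn.prepareStatement(sql);
            // setString() binds the value as data only: quotes or SQL keywords inside it
            // cannot change the structure of the statement, which is what prevents injection.
            pstmt.setString(1, name);
            rs = pstmt.executeQuery();
            while (rs.next()) {
                String rowName = rs.getString("name");
                String gender = rs.getString("gender");
                System.out.println(rowName + ":" + gender);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            JdbcUtil.close(rs);
            // Resolved to close(Statement): PreparedStatement is a Statement subtype.
            JdbcUtil.close(pstmt);
            JdbcUtil.close(conn);
        }
    }

    /** Entry point; both sample calls are left disabled as in the original listing. */
    public static void main(String[] args) {
        Crud crud = new Crud();
        // With the bound parameter this value is compared as an ordinary name string, so it
        // should only match a row whose name is literally that text.
        //crud.read("'or true or' ");
        //crud.create("tim","male",5000);
    }
}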