圖解如何使用JDBC實現一個用戶登陸的功能
1、新建一個Java Project項目
2、新建一個User類對應MySQL中的users表
package com.soar.entity;
import java.util.Date;
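/**
 * Entity mirroring one row of the {@code users} table.
 *
 * <p>Plain mutable bean: every column has a getter/setter pair. The password is carried as a
 * {@link String} exactly as read from the database, so instances must be treated as sensitive
 * and should not be logged or serialized wholesale.
 */
public class User {
    private int id;
    private String name;
    // Sensitive: holds whatever the PASSWORD column contains.
    private String password;
    private String email;
    private Date birthday;

    /** @return the primary-key value of the row */
    public int getId() {
        return id;
    }

    /** @param id the primary-key value of the row */
    public void setId(int id) {
        this.id = id;
    }

    /** @return the user name */
    public String getName() {
        return name;
    }

    /** @param name the user name */
    public void setName(String name) {
        this.name = name;
    }

    /** @return the stored password value; never write this to logs or output */
    public String getPassword() {
        return password;
    }

    /** @param password the password value to hold */
    public void setPassword(String password) {
        this.password = password;
    }

    /** @return the e-mail address */
    public String getEmail() {
        return email;
    }

    /** @param email the e-mail address */
    public void setEmail(String email) {
        this.email = email;
    }

    /** @return the birthday as stored on this object (same instance, not a copy) */
    public Date getBirthday() {
        return birthday;
    }

    /** @param birthday the birthday to hold (stored by reference) */
    public void setBirthday(Date birthday) {
        this.birthday = birthday;
    }

    /**
     * Renders the bean for diagnostics.
     *
     * <p>The password is deliberately replaced by a fixed marker: {@code toString()} output
     * routinely ends up in logs, exception messages and debugger views, and a credential must
     * not leak through any of them.
     *
     * @return a single-line description with the password redacted
     */
    @Override
    public String toString() {
        return "User [id=" + id + ", name=" + name + ", password=<redacted>, email=" + email
                + ", birthday=" + birthday + "]";
    }
}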
3、新建一個DBUtils類
package com.soar.util;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ResourceBundle;
/**
 * Small JDBC helper: loads connection settings once, hands out connections and closes
 * JDBC resources.
 *
 * <p>Settings come from the {@code dbinfo} resource bundle (keys {@code driverClass},
 * {@code url}, {@code user}, {@code password}). That file therefore contains the database
 * credentials in clear text; keep it out of version control and readable only by the account
 * that runs the application.
 */
public class DBUtils {
    private static String driverClass;
    private static String url;
    private static String user;
    private static String password;

    static {
        ResourceBundle settings = ResourceBundle.getBundle("dbinfo");
        // Populate the four settings above from the bundle.
        driverClass = settings.getString("driverClass");
        url = settings.getString("url");
        user = settings.getString("user");
        password = settings.getString("password");
        try {
            Class.forName(driverClass);
        } catch (Exception e) {
            // NOTE(review): a driver that fails to load is only printed here; the failure
            // resurfaces later when getConnection() is called.
            e.printStackTrace();
        }
    }

    /**
     * Opens a new connection using the settings loaded at class initialization.
     *
     * @return a fresh connection; the caller is responsible for closing it
     * @throws Exception if the driver manager cannot open the connection
     */
    public static Connection getConnection() throws Exception {
        return DriverManager.getConnection(url, user, password);
    }

    /**
     * Closes the given resources in the order result set, statement, connection.
     * Each argument may be {@code null}; an {@link SQLException} from one close is printed
     * and does not prevent the remaining resources from being closed.
     *
     * @param rs result set to close, or {@code null}
     * @param stmt statement to close, or {@code null}
     * @param conn connection to close, or {@code null}
     */
    public static void closeAll(ResultSet rs, Statement stmt, Connection conn) {
        closeResultSet(rs);
        closeStatement(stmt);
        closeConnection(conn);
    }

    // Closes a result set if present, printing (not propagating) any SQLException.
    private static void closeResultSet(ResultSet rs) {
        if (rs == null) {
            return;
        }
        try {
            rs.close();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }

    // Closes a statement if present, printing (not propagating) any SQLException.
    private static void closeStatement(Statement stmt) {
        if (stmt == null) {
            return;
        }
        try {
            stmt.close();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }

    // Closes a connection if present, printing (not propagating) any SQLException.
    private static void closeConnection(Connection conn) {
        if (conn == null) {
            return;
        }
        try {
            conn.close();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
}
4、創建一個名爲dbinfo.properties的配置文件(放在classpath根目錄,包含driverClass、url、user、password四個鍵),供DBUtils類讀取
注意:配置文件中每行末尾不用加分號
5、創建一個DoLogin類
package com.soar.service;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;
import com.soar.entity.User;
import com.soar.util.DBUtils;
public class DoLogin {
/**
* Looks up the user row that matches the given user name and password.
* <p>
* SECURITY: this first version builds the SQL text by concatenating {@code name} and
* {@code pwd} straight into the statement, so both values are parsed as part of the SQL
* rather than treated as data (SQL injection). Step 8 of this walkthrough replaces it with
* a PreparedStatement that binds the values through ? placeholders; do not reuse this
* version as-is.
* @param name user name supplied by the caller; concatenated into the query unescaped
* @param pwd password supplied by the caller; concatenated into the query unescaped
* @return a User filled from the first matching row, or null when no row matches or when any exception is caught
*/
public User findUser(String name, String pwd){
Connection conn = null;
Statement stmt = null;
ResultSet rs = null;
User u = null;
try {
conn = DBUtils.getConnection(); // obtain a connection
stmt = conn.createStatement(); // obtain the object that executes SQL
// Vulnerable line: the statement text is assembled from caller input. The query also compares
// the supplied password directly with the PASSWORD column, which implies the column holds
// passwords in a directly comparable (unhashed) form -- NOTE(review): confirm and prefer a
// salted password hash verified in application code.
rs = stmt.executeQuery("SELECT * FROM users WHERE NAME='"+name+"' AND PASSWORD='"+pwd+"'"); // run the query
if(rs.next()){
// Columns are read by position, so this depends on the column order of SELECT *.
u = new User();
u.setId(rs.getInt(1));
u.setName(rs.getString(2));
u.setPassword(rs.getString(3));
u.setEmail(rs.getString(4));
u.setBirthday(rs.getDate(5));
}
} catch (Exception e) {
// Any failure (connection, SQL syntax, ...) is printed and then reported to the caller
// as "no user found" because u stays null.
e.printStackTrace();
}finally{
DBUtils.closeAll(rs, stmt, conn);
}
return u;
}
}
注意事項:在調用executeQuery()方法時,括號中的sql語句最好先在SQLyog中寫好並執行通過,再複製到MyEclipse中,因爲sql語句在Java代碼中只是一個字符串,即使寫錯了,編譯器也不會報錯。
6、創建一個Login類
package com.soar.client;
import java.util.Scanner;
import com.soar.entity.User;
import com.soar.service.DoLogin;
/**
 * Console client: prompts for a user name and password and reports whether
 * {@link DoLogin#findUser(String, String)} found a matching user.
 */
public class Login {
    /**
     * Reads two lines from standard input (user name, then password) and prints either a
     * greeting or a single generic failure message that does not reveal which value was wrong.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        Scanner console = new Scanner(System.in);

        System.out.println("請輸入用戶名:");
        String typedName = console.nextLine();

        // The password is read with nextLine(), so it is echoed on the terminal as typed.
        System.out.println("請輸入密碼:");
        String typedPassword = console.nextLine();

        // Delegate the lookup to the service class.
        User match = new DoLogin().findUser(typedName, typedPassword);
        if (match == null) {
            System.out.println("用戶名和密碼錯誤!");
            return;
        }
        System.out.println("歡迎你:" + match.getName());
    }
}
7、運行Login類
MySQL中的數據表
Console中輸入正確的信息
Console中輸入錯誤的信息
8、在 DoLogin類中程序代碼不完善,存在sql注入問題
不論輸入什麼用戶名,只要在輸入密碼時填寫如下內容,拼接後的sql語句的WHERE條件就會恆爲真,
查詢會把users表中的所有記錄都調出來,程序取到第一條記錄便當作登陸成功
請輸入用戶名:
sdaf
請輸入密碼:
fdsa ' or '1'='1
解決方法:使用PreparedStatement來代替Statement
PreparedStatement:預編譯語句對象,是Statement的子接口(java.sql.PreparedStatement)。
特點:
性能要高
會把sql語句先編譯
sql語句中會變化的參數用佔位符(?)表示,用戶輸入通過setString()等方法綁定,只會被當作數據值處理,不會被解析成sql語法(並不是過濾關鍵字),因此輸入中的引號或or等關鍵字無法改變語句結構。
改進後的DoLogin類代碼:
package com.soar.service;
import java.sql.Connection;
import java.sql.ResultSet;
import com.mysql.jdbc.PreparedStatement;
import com.soar.entity.User;
import com.soar.util.DBUtils;
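public class DoLogin {
    /**
     * Looks up the user row that matches the given user name and password, binding both
     * values as statement parameters so they are always handled as data, never as SQL text.
     *
     * @param name user name supplied by the caller
     * @param pwd password supplied by the caller
     * @return a User filled from the first matching row, or null when no row matches or when
     *         any exception is caught (the login then fails closed)
     */
    public User findUser(String name, String pwd) {
        Connection conn = null;
        // Use the standard JDBC interface rather than the driver's own class: casting the
        // result of prepareStatement() to a driver-specific type fails with a
        // ClassCastException as soon as the connection is wrapped (for example by a pool) or
        // the driver is replaced. The name is fully qualified because this file imports a
        // driver class with the same simple name; that import is unused after this change.
        java.sql.PreparedStatement stmt = null;
        ResultSet rs = null;
        User u = null;
        try {
            conn = DBUtils.getConnection(); // obtain a connection
            String sql = "SELECT * FROM users WHERE NAME=? AND PASSWORD=?";
            stmt = conn.prepareStatement(sql); // statement text is fixed; only values vary
            // Bind the two placeholders (1-based positions).
            stmt.setString(1, name);
            stmt.setString(2, pwd);
            // NOTE(review): the supplied password is compared directly with the PASSWORD
            // column, which implies the column holds it in a directly comparable (unhashed)
            // form -- confirm, and prefer a salted password hash (bcrypt/scrypt/argon2)
            // verified in application code.
            rs = stmt.executeQuery(); // run the query
            if (rs.next()) {
                // Columns are read by position, so this depends on the column order of SELECT *.
                u = new User();
                u.setId(rs.getInt(1));
                u.setName(rs.getString(2));
                u.setPassword(rs.getString(3));
                u.setEmail(rs.getString(4));
                u.setBirthday(rs.getDate(5));
            }
        } catch (Exception e) {
            // Any failure is printed and reported to the caller as "no user found".
            e.printStackTrace();
        } finally {
            DBUtils.closeAll(rs, stmt, conn);
        }
        return u;
    }
}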