//學習鏈接: https://www.bilibili.com/video/BV14E411Q7wJ?p=2
package com.librarySystem;
import jdk.nashorn.internal.ir.RuntimeNode;
import java.sql.*;
import java.text.DecimalFormat;
import java.util.ArrayList;
import java.util.Formatter;
import java.util.List;
/**
 * Plain mutable holder for one row of the READER table.
 *
 * <p>Each field takes the value of the like-named column when
 * {@code ConnnectDatabase} maps a {@code ResultSet} row. The meaning of each
 * column is inferred from its name only; confirm against the schema.
 */
class Reader {
    /** Value of the RNO column; used as the lookup key by {@code querySpecial}. */
    public String rno;

    /** Value of the RNAME column (presumably the reader's name). */
    public String rname;

    /** Value of the RSEX column (presumably the reader's sex). */
    public String rsex;

    /** Value of the RAGE column, read with {@code getInt} (presumably the age). */
    public int rage;

    /** Value of the RBOSS column (meaning not visible here; confirm against the schema). */
    public String rboss;

    /** Value of the RADDRESS column (presumably the reader's address). */
    public String raddress;
}
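/**
 * JDBC tutorial code for the READER table: a full-table query, a lookup by key,
 * and three fixed-value write statements, all issued through
 * {@link PreparedStatement}.
 *
 * <p>Security note on SQL injection: a value bound to a {@code ?} placeholder is
 * passed to the database as data, so it cannot change the structure of the
 * statement. That protection covers bound values only. The literals written
 * directly into the SQL text below ({@code 'R011'}, {@code '吳尼瑪'}) are safe
 * because they are compile-time constants; if one of them is ever replaced by
 * caller-supplied input it must become a placeholder as well, never a
 * concatenated string.
 *
 * <p>Error handling is best-effort: an {@link SQLException} is printed with
 * {@code printStackTrace()} and the method returns normally. Statements and
 * result sets are closed with try-with-resources, so a failure in
 * {@code prepareStatement} no longer triggers a {@code NullPointerException}
 * from a {@code close()} call on a statement that was never created.
 */
public class ConnnectDatabase {

    /**
     * Copies the current row of {@code rows} into a new {@link Reader}.
     *
     * @param rows result set already positioned on a row
     * @return a Reader populated from the RNO, RNAME, RSEX, RAGE, RBOSS and RADDRESS columns
     * @throws SQLException if any column cannot be read
     */
    private static Reader mapRow(ResultSet rows) throws SQLException {
        Reader reader = new Reader();
        reader.rno = rows.getString("RNO");
        reader.rname = rows.getString("RNAME");
        reader.rsex = rows.getString("RSEX");
        reader.rage = rows.getInt("RAGE");
        reader.rboss = rows.getString("RBOSS");
        reader.raddress = rows.getString("RADDRESS");
        return reader;
    }

    /**
     * Reads every row of the Reader table (uses {@code executeQuery}).
     *
     * @param conn open connection; it is not closed here
     * @return the rows read so far; empty, or partial, if an {@link SQLException} occurred
     */
    public static List<Reader> queryALL(Connection conn) {
        List<Reader> readers = new ArrayList<>();
        String sql = "SELECT * FROM Reader";
        try (PreparedStatement statement = conn.prepareStatement(sql);
                ResultSet rows = statement.executeQuery()) {
            while (rows.next()) {
                readers.add(mapRow(rows));
            }
        } catch (SQLException e) {
            // Best-effort: report the failure and return whatever was read.
            e.printStackTrace();
        }
        return readers;
    }

    /**
     * Inserts one fixed sample row with key {@code 'R011'} (uses {@code executeUpdate}).
     *
     * @param conn open connection; it is not closed here
     */
    public static void add(Connection conn) {
        // The five non-key values are bound through ? placeholders, which is what
        // keeps a value from being interpreted as SQL.
        // NOTE(review): the INSERT names no columns, so it depends on the table's
        // column order; an explicit column list would be more robust.
        String sql = "Insert into reader values('R011',?,?,?,?,?)";
        try (PreparedStatement statement = conn.prepareStatement(sql)) {
            // Bind each placeholder by position with the setter for its type.
            statement.setString(1, "王尼瑪");
            statement.setString(2, "男");
            // NOTE(review): bound as double although queryALL reads RAGE with getInt;
            // setInt looks like the matching setter, confirm against the column type.
            statement.setDouble(3, 22);
            statement.setString(4, "李四");
            statement.setString(5, "404");
            statement.executeUpdate();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }

    /**
     * Deletes the rows whose RNAME equals the fixed sample name (uses {@code executeUpdate}).
     *
     * @param conn open connection; it is not closed here
     */
    public static void del(Connection conn) {
        // The name is bound through a ? placeholder rather than spliced into the SQL.
        String sql = "Delete from reader where reader.rname=?";
        try (PreparedStatement statement = conn.prepareStatement(sql)) {
            statement.setString(1, "王尼瑪");
            statement.executeUpdate();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }

    /**
     * Renames the rows whose RNAME equals the fixed sample name (uses {@code executeUpdate}).
     *
     * @param conn open connection; it is not closed here
     */
    public static void changeValue(Connection conn) {
        // Only the WHERE value is a placeholder; the new name is a constant inside
        // the SQL text and would need its own ? if it ever came from a caller.
        String sql = "Update reader set rname='吳尼瑪' where reader.rname=?";
        try (PreparedStatement statement = conn.prepareStatement(sql)) {
            statement.setString(1, "王尼瑪");
            statement.executeUpdate();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }

    /**
     * Looks up a single reader by its RNO value.
     *
     * <p>This is the one method here that takes a caller-supplied value.
     * {@code rno} reaches the database only through {@code setString}, never
     * through string concatenation.
     *
     * @param conn open connection; it is not closed here
     * @param rno key to match against {@code reader.rno}
     * @return the first matching row, or {@code null} when no row matches or an
     *     {@link SQLException} occurred (a half-populated Reader is never returned)
     */
    public static Reader querySpecial(Connection conn, String rno) {
        String sql = "SELECT * FROM Reader where reader.rno=?";
        try (PreparedStatement statement = conn.prepareStatement(sql)) {
            statement.setString(1, rno);
            try (ResultSet rows = statement.executeQuery()) {
                if (rows.next()) {
                    return mapRow(rows);
                }
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Connects to the local Oracle instance and prints the name of reader {@code R001}.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Connection target, jdbc:oracle:thin:@host:port:instance
        //   host     - localhost or 127.0.0.1 for the local machine
        //   port     - 1521 is the Oracle default
        //   instance - orcl for a full installation, XE otherwise
        String url = "jdbc:oracle:thin:@localhost:1521:orcl";
        // An account that can also log in through sqlplus.
        // NOTE(review): these credentials are hard-coded for the tutorial. Outside a
        // throwaway local database they belong in configuration kept out of source
        // control, and the account should hold only the privileges this code needs.
        String user = "cc";
        String password = "ccpassword";
        try {
            // 1. Load the driver (the jar comes from the project's lib folder).
            Class.forName("oracle.jdbc.OracleDriver");
            // 2. Open the connection; try-with-resources closes it on every path.
            try (Connection conn = DriverManager.getConnection(url, user, password)) {
                Reader reader = querySpecial(conn, "R001");
                // querySpecial returns null for "no such row", so check before dereferencing.
                if (reader == null) {
                    System.out.println("No reader found for RNO R001");
                } else {
                    System.out.println(reader.rname);
                }
            }
        } catch (ClassNotFoundException | SQLException e) {
            e.printStackTrace();
        }
    }
}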
java與數據庫oracle連接學習之jdbc(3)防止插入注入的入侵