|
写在前面:
对于Statement执行SQL语句,首先需要进行书写SQL语句,然后在Statement.executeUpdate(sql)中执行SQL语句,很容易出现安全性问题。所以引入PreparedStatement,此方法可以先进行SQL的预编译,然后给SQL中的占位符进行赋值,然后直接进行执行executeUpdate()。
插入数据
package com.haoran.lesson3;
import com.haoran.lesson2.utils.jdbcUtils;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Date;
public class preparedStatement {
public static void main(String[] args) {
Connection conn = null;
PreparedStatement pst = null;
try {
conn= jdbcUtils.getConnection();
String sql="INSERT INTO `users`(id,`NAME`,`PASSWORD`,`email`,`birthday`)" +
"VALUE (?,?,?,?,?)";
//预编译SQL,先写SQL,不执行,用占位符?
pst=conn.prepareStatement(sql);
//手动给参数赋值
pst.setInt(1,5);
pst.setString(2,"xiaolonglong");
pst.setString(3,"123321");
pst.setString(4,"123123123@qq.com");
pst.setDate(5,new java.sql.Date(new Date().getTime()));
//该处sql.Date()是数据库中的时间,但是需要参数,所以调用数据库中的Date().getTime()获得时间戳
int i = pst.executeUpdate();//executeUpdate直接执行,不用加参数sql;
if (i>0){
System.out.println("插入成功");
}
} catch (SQLException e) {
e.printStackTrace();
}finally {
jdbcUtils.release(conn,pst,null);
}
}
}
删除数据
package com.haoran.lesson3;
import com.haoran.lesson2.utils.jdbcUtils;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
public class preparedStatement1 {
public static void main(String[] args) {
Connection conn = null;
PreparedStatement pst = null;
try {
conn= jdbcUtils.getConnection();
String sql="DELETE FROM `users` WHERE id=?";
//预编译SQL,先写SQL,不执行,用占位符?
pst=conn.prepareStatement(sql);
//手动给参数赋值
pst.setInt(1,5);
int i = pst.executeUpdate();//executeUpdate直接执行,不用加参数sql;
if (i>0){
System.out.println("删除成功");
}
} catch (SQLException e) {
e.printStackTrace();
}finally {
jdbcUtils.release(conn,pst,null);
}
}
}
更新数据
package com.haoran.lesson3;
import com.haoran.lesson2.utils.jdbcUtils;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
public class preparedStatement2 {
public static void main(String[] args) {
Connection conn = null;
PreparedStatement pst = null;
try {
conn= jdbcUtils.getConnection();
String sql="UPDATE `users` SET `NAME`=? WHERE id=?";
//预编译SQL,先写SQL,不执行,用占位符?
pst=conn.prepareStatement(sql);
//手动给参数赋值
pst.setString(1,"makabaka");
pst.setInt(2,3);
int i = pst.executeUpdate();//executeUpdate直接执行,不用加参数sql;
if (i>0){
System.out.println("更新成功");
}
} catch (SQLException e) {
e.printStackTrace();
}finally {
jdbcUtils.release(conn,pst,null);
}
}
}
查询数据
package com.haoran.lesson3;
import com.haoran.lesson2.utils.jdbcUtils;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
public class preparedStatementSelect {
public static void main(String[] args) {
Connection conn = null;
PreparedStatement pst = null;
ResultSet rs =null;
try {
conn= jdbcUtils.getConnection();
String sql="SELECT * FROM `users` WHERE id=?";
//预编译SQL,先写SQL,不执行,用占位符?
pst=conn.prepareStatement(sql);
//手动给参数赋值
pst.setInt(1,2);
rs=pst.executeQuery();
if (rs.next()){
System.out.println(rs.getString("NAME"));
}
} catch (SQLException e) {
e.printStackTrace();
}finally {
jdbcUtils.release(conn,pst,rs);
}
}
}
|