JDBC简介
1、JDBC定义
Java数据库连接(Java Database Connectivity,简称JDBC):
是Java语言中用来规范客户端程序如何来访问数据库的应用程序接口,提供了诸如查询和更新数据库中数据的方法。
JDBC也是Sun Microsystems的商标。我们通常说的JDBC是面向关系型数据库的。
JDBC原理:
由sun提供的一套访问数据库的规范(一组接口)。各个数据库厂商就会遵守这一套规范,提供一套访问自己公司数据库的程序,
这套程序就叫数据库驱动。
2、主要用途
与数据库建立连接
发送 SQL 语句
处理结果
3、JDBC常用接口和类
DriverManager类:驱动管理类,主要作用,注册JDBC驱动从而获取连接
Connection接口:连接对象,主要作用,建立与数据库的连接
Statement接口:SQL编译器,主要作用,向数据库发送SQL语句,返回执行结果
ResultSet接口:结果集对象,主要作用,执行查询操作时,接受结果
4、mysql驱动下载地址:https://dev.mysql.com/downloads/connector/j/
JDBC的开发步骤
1、导入驱动jar包,用于连接数据库
2、书写jdbc代码:
(1)、注册驱动
(2)、获取访问数据库的连接
(3)、获取执行sql的语句平台(Statement PreparedStatement)即创建SQL编译器
(4)、编写SQL语句
(5)、执行sql语句
executeQuery()-->只执行查询操作-->返回结果是结果集ResultSet
executeUpdate()-->只执行增删改操作-->返回结果是受影响的行数int
(6)、处理sql语句执行的结果
(7)、释放资源
完整代码
package com.offcn.demo;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
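/**
 * Minimal end-to-end JDBC walk-through: load the MySQL driver, open a connection,
 * run one fixed query and print every returned row.
 *
 * <p>The connection URL, user name and password are literals that point at a
 * database on localhost. Real code should read them from configuration and
 * should not connect as {@code root}.
 */
public class JDBCDetail {

    /**
     * Runs the query {@code select sname,sage from student} and prints each row twice:
     * once read by column label and once read by column index.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        String url = "jdbc:mysql://localhost:3306/db01?serverTimezone=GMT%2B8&characterEncoding=UTF-8";
        String username = "root";
        String password = "000";
        // The SQL text is a constant with no caller-supplied parts, so a plain
        // Statement is acceptable here; anything built from input needs
        // PreparedStatement with ? placeholders.
        String sql = "select sname,sage from student";

        try {
            // Step 1: register the driver.
            Class.forName("com.mysql.cj.jdbc.Driver");

            // Steps 2-5: connection, statement and result set are declared in
            // try-with-resources so each one is closed (in reverse order) even
            // when an earlier close or the query itself throws.
            try (Connection conn = DriverManager.getConnection(url, username, password);
                    Statement stmt = conn.createStatement();
                    ResultSet rs = stmt.executeQuery(sql)) {
                // Step 6: process the rows.
                while (rs.next()) {
                    System.out.println(rs.getString("sname") + rs.getInt("sage"));
                    System.out.println(rs.getString(1) + rs.getInt(2));
                }
            }
        } catch (ClassNotFoundException | SQLException e) {
            e.printStackTrace();
        }
    }
}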
单元测试
导入单元测试的jar包
右键项目-->Build Path-->Configure Build Path-->Libraries-->Add Libraries-->JUnit-->Next-->Apply and Close
SQL注入问题
如出现如下情形:
// Deliberately vulnerable example: the caller-supplied sname is concatenated
// straight into the SQL text, so quote characters inside it become part of
// the statement instead of staying data.
public void select(String sname) {
...
// NOTE(review): "saname" looks like a typo for the sname column that appears
// in the resulting SQL shown on this page.
String sql = "select * from student where saname = '" + sname + "'";
}
当传入的参数:
String sname = "999' or '1'='1";
实际拼接成的SQL语句是:
select * from student where sname='999' or '1'='1'
where后的筛选条件恒成立,结果会查询出所有数据,数据安全有隐患
这种SQL注入攻击只对用字符串拼接构造SQL的Statement有效,所以改换用PreparedStatement,并用 ? 占位符绑定参数(如果仍然把参数拼接进传给PreparedStatement的SQL字符串,注入问题依然存在)
JDBC封装工具类
在src目录中创建jdbc.properties文件:
后缀properties是一种属性文件。这种文件以key=value格式存储内容。Java中可以使用Properties类来读取这个文件 String value=p.getProperty(key);
文件内容如下(示例中的root账号和简单密码仅适用于本地练习;实际项目中应使用权限受限的专用账号,并且不要把包含密码的配置文件提交到版本库):
driver=com.mysql.cj.jdbc.Driver
url=jdbc:mysql://localhost:3306/school?serverTimezone=GMT%2B8&characterEncoding=UTF-8
user=root
pwd=000
创建JDBCUtil.java文件:
package com.offcn.demo;
import java.io.FileInputStream;
import java.io.InputStream;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Properties;
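/**
 * Small JDBC helper that loads connection settings from {@code src/jdbc.properties}
 * once, hands out connections, and closes JDBC resources.
 *
 * <p>The properties file holds the database user name and password in clear text.
 */
public class JDBCUtil {
    static String driver = "";
    static String url = "";
    static String user = "";
    static String pwd = "";

    static {
        // The path is relative to the process working directory. try-with-resources
        // closes the stream, which the settings are read from exactly once.
        try (InputStream in = new FileInputStream("src/jdbc.properties")) {
            Properties prop = new Properties();
            prop.load(in);
            driver = prop.getProperty("driver");
            url = prop.getProperty("url");
            user = prop.getProperty("user");
            pwd = prop.getProperty("pwd");
        } catch (Exception e) {
            // A missing or unreadable file is reported; getConn() then fails later
            // because the settings were never loaded.
            e.printStackTrace();
        }
    }

    /**
     * Loads the configured driver class and opens a new connection.
     *
     * @return a new connection, or {@code null} when the driver cannot be loaded or
     *     the connection attempt fails (the exception's stack trace is printed)
     */
    public static Connection getConn() {
        Connection conn = null;
        try {
            Class.forName(driver);
            conn = DriverManager.getConnection(url, user, pwd);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return conn;
    }

    /**
     * Closes the given resources in the order result set, statement, connection.
     * Each close is attempted on its own, so a failure while closing one resource
     * does not leave the remaining ones open.
     *
     * @param rs result set to close, may be {@code null}
     * @param pstmt statement to close, may be {@code null}
     * @param conn connection to close, may be {@code null}
     */
    public static void closeResources(ResultSet rs, PreparedStatement pstmt, Connection conn) {
        if (rs != null) {
            try {
                rs.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        if (pstmt != null) {
            try {
                pstmt.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        if (conn != null) {
            try {
                conn.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
}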
PreparedStatement实现CRUD操作
先在SQLyog中创建school数据库,库中建表student
-- Schema used by the PreparedStatement CRUD examples.
CREATE DATABASE school;
USE school;
CREATE TABLE student(
-- Primary key; AUTO_INCREMENT lets an insert omit sid.
sid INT(6) PRIMARY KEY AUTO_INCREMENT,
-- Student name, required.
sname VARCHAR(20) NOT NULL,
-- Age, optional.
sage INT(3),
-- Sex, a single character that defaults to '男'.
ssex CHAR(1) DEFAULT '男',
-- E-mail address, at most 20 characters; UNIQUE rejects a second row with the same address.
semail VARCHAR(20) UNIQUE
);
package com.ujiuye;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import org.junit.jupiter.api.Test;
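/**
 * Insert, delete, update and query examples for the {@code student} table.
 *
 * <p>Every value that varies is bound through a {@code ?} placeholder of a
 * {@link PreparedStatement}, so it is sent as data and never parsed as SQL text.
 * The two queries use constant SQL strings with no caller-supplied parts.
 *
 * <p>NOTE(review): JDBCUtil is declared in package {@code com.offcn.demo} on this page
 * while this class is in {@code com.ujiuye}; an import or a matching package is needed.
 */
public class CRUD {

    /**
     * Fills the table with sample rows.
     *
     * <p>NOTE(review): the e-mail literals below appear to have been redacted by the
     * page's e-mail protection and are all identical. The {@code semail} column is
     * declared UNIQUE, so each row needs its own distinct address before this runs.
     */
    @Test
    public void makeTable() {
        insert("大力娃",23,"男","[email protected]");
        insert("千里眼",22,"男","[email protected]");
        insert("顺风耳",21,"男","[email protected]");
        insert("喷火娃",20,"男","[email protected]");
        insert("吐水娃",19,"男","[email protected]");
        insert("隐身娃",18,"男","[email protected]");
        insert("宝葫芦娃",17,"男","[email protected]");
        insert("蛇精",30,"女","[email protected]");
        insert("蝎子精",25,"女","[email protected]");
        insert("琵琶精",18,"女","[email protected]");
    }

    /** Deletes the row whose sid is 2. */
    @Test
    public void remove() {
        int sid = 2;
        delete(sid);
    }

    /** Rewrites every column of the row whose sid is 10. */
    @Test
    public void change() {
        update(10,"琵琶精",28,"女","[email protected]");
    }

    /**
     * Inserts one student and prints the number of affected rows.
     *
     * @param sname student name
     * @param sage age
     * @param ssex sex
     * @param semail e-mail address
     * @throws IllegalStateException if no database connection could be opened
     */
    public void insert(String sname, int sage, String ssex, String semail) {
        Connection conn = openConnection();
        PreparedStatement pstmt = null;
        String sql = "insert into student(sname,sage,ssex,semail) values(?,?,?,?) ";
        try {
            pstmt = conn.prepareStatement(sql);
            pstmt.setString(1, sname);
            pstmt.setInt(2, sage);
            pstmt.setString(3, ssex);
            pstmt.setString(4, semail);
            int rows = pstmt.executeUpdate();
            System.out.println(rows);
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            JDBCUtil.closeResources(null, pstmt, conn);
        }
    }

    /**
     * Deletes the student with the given id and prints the number of affected rows.
     *
     * @param sid primary key of the row to delete
     * @throws IllegalStateException if no database connection could be opened
     */
    public void delete(int sid) {
        Connection conn = openConnection();
        PreparedStatement pstmt = null;
        String sql = "delete from student where sid=? ";
        try {
            pstmt = conn.prepareStatement(sql);
            pstmt.setInt(1, sid);
            int rows = pstmt.executeUpdate();
            System.out.println(rows);
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            JDBCUtil.closeResources(null, pstmt, conn);
        }
    }

    /**
     * Overwrites name, age, sex and e-mail of the student with the given id and
     * prints the number of affected rows.
     *
     * @param sid primary key of the row to update
     * @param sname new student name
     * @param sage new age
     * @param ssex new sex
     * @param semail new e-mail address
     * @throws IllegalStateException if no database connection could be opened
     */
    public void update(int sid, String sname, int sage, String ssex, String semail) {
        Connection conn = openConnection();
        PreparedStatement pstmt = null;
        String sql = "update student set sname=?,sage=?,ssex=?,semail=? where sid=?";
        try {
            pstmt = conn.prepareStatement(sql);
            pstmt.setString(1, sname);
            pstmt.setInt(2, sage);
            pstmt.setString(3, ssex);
            pstmt.setString(4, semail);
            pstmt.setInt(5, sid);
            int rows = pstmt.executeUpdate();
            System.out.println(rows);
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            JDBCUtil.closeResources(null, pstmt, conn);
        }
    }

    /** Prints every student whose ssex is '女'. */
    @Test
    public void select1() {
        queryAndPrint("select * from student where ssex='女'");
    }

    /** Prints every student whose ssex is '男' and whose sage is greater than 21. */
    @Test
    public void select2() {
        queryAndPrint("select * from student where ssex='男' and sage>21");
    }

    /**
     * Obtains a connection from JDBCUtil and fails with a clear message when none is
     * available. JDBCUtil.getConn() returns null after a failed attempt, which would
     * otherwise surface as a NullPointerException at the first use of the connection.
     */
    private static Connection openConnection() {
        Connection conn = JDBCUtil.getConn();
        if (conn == null) {
            throw new IllegalStateException("No database connection: JDBCUtil.getConn() returned null");
        }
        return conn;
    }

    /**
     * Runs a constant, parameterless query and prints one line per returned row.
     * Only fixed SQL text may be passed here; anything that varies belongs in a
     * ? placeholder.
     */
    private static void queryAndPrint(String sql) {
        Connection conn = openConnection();
        PreparedStatement pstmt = null;
        ResultSet rs = null;
        try {
            pstmt = conn.prepareStatement(sql);
            rs = pstmt.executeQuery();
            while (rs.next()) {
                System.out.println(
                        "学号:"+rs.getInt("sid")+
                        " 姓名:"+rs.getString("sname")+
                        " 年龄:"+rs.getInt("sage")+
                        " 性别:"+rs.getString("ssex")+
                        " 邮箱:"+rs.getString("semail"));
            }
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            JDBCUtil.closeResources(rs, pstmt, conn);
        }
    }
}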