增删改查的操作:
import java.sql.DriverManager;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;
public class Demo1 {
    /**
     * Entry point: runs one of the CRUD demos against table T1.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        // Swap the active call to try the other operations.
        //Demo1.Read();
        //Creat();
        //Update();
        Delete();
    }

    /**
     * Deletes the rows of T1 whose id is greater than 2 and prints the
     * number of affected rows.
     *
     * The SQL text is a constant with no caller-supplied parts, so a plain
     * Statement does not splice untrusted input into the query here.
     */
    static void Delete() {
        final String deleteSql = "delete from T1 where id>2";
        Connection connection = null;
        Statement statement = null;
        // Never assigned in this method; handed to free() as a null ResultSet.
        ResultSet resultSet = null;
        try {
            connection = jdbcUtils.getConnection();
            // Step 3: create the statement.
            statement = connection.createStatement();
            // Step 4: execute it.
            int affectedRows = statement.executeUpdate(deleteSql);
            // Step 5: report the result.
            System.out.println("i=" + affectedRows);
        } catch (Exception e) {
            // Demo-level handling only: the failure is printed and the method returns normally.
            e.printStackTrace();
        } finally {
            // Step 6: release resources (jdbcUtils is defined outside this listing).
            jdbcUtils.free(resultSet, statement, connection);
        }
    }

    /**
     * Adds 10 to the salary column of every row in T1 (the statement has no
     * WHERE clause) and prints the number of affected rows.
     */
    static void Update() {
        final String updateSql = "update T1 set salary=salary+10";
        Connection connection = null;
        Statement statement = null;
        // Never assigned in this method; handed to free() as a null ResultSet.
        ResultSet resultSet = null;
        try {
            connection = jdbcUtils.getConnection();
            // Step 3: create the statement.
            statement = connection.createStatement();
            // Step 4: execute it.
            int affectedRows = statement.executeUpdate(updateSql);
            // Step 5: report the result.
            System.out.println("i=" + affectedRows);
        } catch (Exception e) {
            // Demo-level handling only: the failure is printed and the method returns normally.
            e.printStackTrace();
        } finally {
            // Step 6: release resources.
            jdbcUtils.free(resultSet, statement, connection);
        }
    }

    /**
     * Reads every row of T1 and prints id, name, passwd and salary separated
     * by tabs, one row per line.
     *
     * NOTE(review): this writes the passwd column to standard output; outside
     * a demo, credential columns should not be selected for display or logged.
     */
    static void Read() {
        Connection connection = null;
        Statement statement = null;
        ResultSet rows = null;
        try {
            connection = jdbcUtils.getConnection();
            // Step 3: create the statement.
            statement = connection.createStatement();
            // Step 4: execute the constant query.
            rows = statement.executeQuery("select id,name,passwd,salary from T1");
            // Step 5: print each row.
            while (rows.next()) {
                Object id = rows.getObject("id");
                Object rowName = rows.getObject("name");
                Object passwd = rows.getObject("passwd");
                Object salary = rows.getObject("salary");
                System.out.println(id + "\t" + rowName + "\t" + passwd + "\t" + salary);
            }
        } catch (Exception e) {
            // Demo-level handling only: the failure is printed and the method returns normally.
            e.printStackTrace();
        } finally {
            // Step 6: release resources.
            jdbcUtils.free(rows, statement, connection);
        }
    }

    /**
     * Inserts one fixed sample row into T1 and prints the number of affected
     * rows.
     *
     * NOTE(review): the sample stores the passwd value as literal text. A real
     * schema should hold a salted password hash (bcrypt/scrypt/argon2), never
     * the password itself.
     */
    static void Creat() {
        final String insertSql =
                "insert into T1(name,passwd,salary) values ('wangwu','123456',5000)";
        Connection connection = null;
        Statement statement = null;
        // Never assigned in this method; handed to free() as a null ResultSet.
        ResultSet resultSet = null;
        try {
            connection = jdbcUtils.getConnection();
            // Step 3: create the statement.
            statement = connection.createStatement();
            // Step 4: execute it.
            int affectedRows = statement.executeUpdate(insertSql);
            // Step 5: report the result.
            System.out.println("i=" + affectedRows);
        } catch (Exception e) {
            // Demo-level handling only: the failure is printed and the method returns normally.
            e.printStackTrace();
        } finally {
            // Step 6: release resources.
            jdbcUtils.free(resultSet, statement, connection);
        }
    }
}
用 Statement 拼接字符串来构造sql的这种模式容易导致sql注入的问题,比如:
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;
public class SqlInject {
    /**
     * Entry point for the deliberately vulnerable demo: calls Read with a
     * value containing quote characters instead of an ordinary name.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        //Read("zhangsan");
        // SQL injection demonstration input.
        Read("'or 1 or'");
    }

    /**
     * VULNERABLE ON PURPOSE: looks up rows of T1 by name using a query built
     * by string concatenation, then prints id, name, passwd and salary.
     *
     * Because {@code name} is pasted between single quotes in the SQL text,
     * quote characters inside it become part of the statement's syntax rather
     * than part of the value, so the caller controls the WHERE clause. Do not
     * copy this pattern; bind the value with a PreparedStatement placeholder
     * instead.
     *
     * @param name value compared against the name column (not escaped or bound)
     */
    static void Read(String name) {
        Connection connection = null;
        Statement statement = null;
        ResultSet rows = null;
        try {
            connection = jdbcUtils.getConnection();
            // Step 3: create the statement.
            statement = connection.createStatement();
            // Step 4: build and execute the query. The concatenation below is the flaw.
            final String prefix = "select id,name,passwd,salary from T1 where name='";
            String sql = prefix + name + "'";
            rows = statement.executeQuery(sql);
            // Step 5: print each matching row.
            while (rows.next()) {
                Object id = rows.getObject("id");
                Object rowName = rows.getObject("name");
                Object passwd = rows.getObject("passwd");
                Object salary = rows.getObject("salary");
                System.out.println(id + "\t" + rowName + "\t" + passwd + "\t" + salary);
            }
        } catch (Exception e) {
            // Demo-level handling only: the failure is printed and the method returns normally.
            e.printStackTrace();
        } finally {
            // Step 6: release resources (jdbcUtils is defined outside this listing).
            jdbcUtils.free(rows, statement, connection);
        }
    }
}
执行结果:
1 zhangsan hello 3010
2 lisi wowo 5010
获取了所有的数据:注入的字符串闭合了引号,使 where 条件恒为真,于是返回了全部行。
处理办法:使用 PreparedStatement 解决sql注入问题——参数通过占位符 ? 绑定,只作为数据传给数据库,不会被拼接进sql文本;并且速度比Statement更快。
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
public class SqlInject {
    /**
     * Entry point for the fixed demo: looks up one ordinary name.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        Read("zhangsan");
        // The injection input from the vulnerable version, kept for comparison.
        //Read("'or 1 or'");
    }

    /**
     * Looks up rows of T1 by name with a parameterized query and prints id,
     * name, passwd and salary separated by tabs.
     *
     * The SQL text is fixed and {@code name} is bound to the single
     * {@code ?} placeholder via setString, so the value is not concatenated
     * into the statement.
     *
     * NOTE(review): the passwd column is still printed to standard output;
     * outside a demo, credential columns should not be displayed or logged.
     *
     * @param name value bound to the name placeholder
     */
    static void Read(String name) {
        final String sql = "select id,name,passwd,salary from T1 where name=?";
        Connection connection = null;
        PreparedStatement query = null;
        ResultSet rows = null;
        try {
            connection = jdbcUtils.getConnection();
            // Step 3: prepare the statement from the constant SQL text.
            query = connection.prepareStatement(sql);
            // Bind the caller's value to the first (and only) placeholder.
            query.setString(1, name);
            // Step 4: execute.
            rows = query.executeQuery();
            // Step 5: print each matching row.
            while (rows.next()) {
                Object id = rows.getObject("id");
                Object rowName = rows.getObject("name");
                Object passwd = rows.getObject("passwd");
                Object salary = rows.getObject("salary");
                System.out.println(id + "\t" + rowName + "\t" + passwd + "\t" + salary);
            }
        } catch (Exception e) {
            // Demo-level handling only: the failure is printed and the method returns normally.
            e.printStackTrace();
        } finally {
            // Step 6: release resources (jdbcUtils is defined outside this listing).
            jdbcUtils.free(rows, query, connection);
        }
    }
}
时间处理:将java.util中的时间转化为java.sql中的date,插入时间
//时间处理,将java.util中的时间转化为java.sql中的date
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Date;
public class Datetest {
    /**
     * Entry point: inserts one sample row whose birthday is the current time.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        Creat("haha", "jiji", 3000.0f, new Date());
    }

    /**
     * Inserts one row into T1 through a parameterized INSERT and prints the
     * number of affected rows.
     *
     * All four values are bound to placeholders, so none of them is
     * concatenated into the SQL text. The java.util.Date argument is
     * converted to java.sql.Date from its millisecond value before binding.
     *
     * NOTE(review): passwd is bound and stored exactly as passed in. Real code
     * should hash it with a password hashing function (bcrypt/scrypt/argon2)
     * before it reaches the database.
     * NOTE(review): a null birthday throws NullPointerException on getTime();
     * it is raised inside the try, so it is caught and printed and no row is
     * inserted.
     *
     * @param name     value for the name column
     * @param passwd   value for the passwd column (stored as given)
     * @param salary   value for the salary column
     * @param birthday value for the birthday column
     */
    static void Creat(String name, String passwd, float salary, Date birthday) {
        final String insertSql =
                "insert into T1(name,passwd,salary,birthday) values (?,?,?,?)";
        Connection connection = null;
        PreparedStatement insert = null;
        // Never assigned in this method; handed to free() as a null ResultSet.
        ResultSet resultSet = null;
        try {
            connection = jdbcUtils.getConnection();
            // Step 3: prepare the statement and bind the four values in column order.
            insert = connection.prepareStatement(insertSql);
            insert.setString(1, name);
            insert.setString(2, passwd);
            insert.setFloat(3, salary);
            long birthdayMillis = birthday.getTime();
            insert.setDate(4, new java.sql.Date(birthdayMillis));
            // Step 4: execute.
            int affectedRows = insert.executeUpdate();
            // Step 5: report the result.
            System.out.println("i=" + affectedRows);
        } catch (Exception e) {
            // Demo-level handling only: the failure is printed and the method returns normally.
            e.printStackTrace();
        } finally {
            // Step 6: release resources (jdbcUtils is defined outside this listing).
            jdbcUtils.free(resultSet, insert, connection);
        }
    }
}
数据库取出时间:
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Date;
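public class Dateread {
    /**
     * Entry point: reads the birthday of the row with id 1 and prints it.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        Date te = Read(1);
        System.out.println(te);
    }

    /**
     * Reads the birthday column of the T1 row(s) matching {@code id} and
     * returns it as a java.util.Date.
     *
     * The id is bound to a placeholder rather than appended to the SQL text,
     * matching the PreparedStatement style used by the other listings on this
     * page. A NULL birthday in the database is skipped instead of triggering a
     * NullPointerException on getTime().
     *
     * @param id value compared against the id column
     * @return the last non-NULL birthday found, or null when no row matches,
     *         the column is NULL, or the query fails (the failure is printed)
     */
    static Date Read(int id) {
        Connection conn = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        Date birthday = null;
        try {
            conn = jdbcUtils.getConnection();
            // Step 3: prepare the statement from constant SQL text and bind the id.
            ps = conn.prepareStatement("select birthday from T1 where id = ?");
            ps.setInt(1, id);
            // Step 4: execute.
            rs = ps.executeQuery();
            // Step 5: convert java.sql.Date back to java.util.Date.
            while (rs.next()) {
                java.sql.Date stored = rs.getDate("birthday");
                // getDate returns null for SQL NULL, e.g. rows inserted without a birthday.
                if (stored != null) {
                    birthday = new Date(stored.getTime());
                }
            }
        } catch (Exception e) {
            // Demo-level handling only: the failure is printed and null (or the last value read) is returned.
            e.printStackTrace();
        } finally {
            // Step 6: release resources (jdbcUtils is defined outside this listing).
            jdbcUtils.free(rs, ps, conn);
        }
        return birthday;
    }
}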