版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/nrsc272420199/article/details/85954771
在JDBC原生态编程的基础上对其进行封装编程
1、将数据库连接的四大信息进行封装(JDBC.properties;注意:下文JDBCUtils加载的文件名是mydb.properties,实际文件名需与代码保持一致)
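## Information needed to register the database driver.
## com.mysql.jdbc.Driver is the legacy Connector/J class name; Connector/J 8+ ships
## com.mysql.cj.jdbc.Driver. Use whichever matches the driver jar on the classpath.
driverClassName=com.mysql.jdbc.Driver
## The remaining three entries are what DriverManager needs to open a connection.
## A MySQL JDBC URL has the form jdbc:mysql://host:port/database; the "//" is required,
## without it no driver accepts the URL.
url=jdbc:mysql://localhost:3306/mybatis-study?useUnicode=true&characterEncoding=utf8
## Demo credentials only: outside a local sandbox, connect with a least-privilege account
## rather than root, use a strong password, and keep this file out of version control.
user=root
password=123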
2、对注册驱动、获取连接、释放资源进行封装
package pack02_jdbc_best;
import java.io.FileInputStream;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;
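/**
 * Thin wrapper around the JDBC boilerplate used by the examples.
 *
 * <ol>
 *   <li>Parses the four connection settings (driver class, URL, user, password) from a
 *       properties file.</li>
 *   <li>Wraps driver registration, connection creation and resource cleanup.</li>
 * </ol>
 *
 * <p>The settings file holds the database password in clear text, so it should be readable
 * only by the account that runs the application and should not be committed to a repository.
 */
public class JDBCUtils {
    private static String driverClassName = null;
    private static String url = null;
    private static String user = null;
    private static String password = null;
    // Remembers why initialisation failed so getConnection() can report the real cause
    // instead of failing later on a null URL. Declared before the static block on purpose:
    // a later "= null" initialiser would overwrite the value set in the block.
    private static Exception initFailure = null;

    // Driver registration only has to happen once, so it lives in a static initialiser.
    static {
        // try-with-resources closes the stream even when load() throws.
        // The file name is relative to the working directory and must match the properties
        // file that is actually deployed.
        try (FileInputStream in = new FileInputStream("mydb.properties")) {
            Properties prop = new Properties();
            prop.load(in);
            driverClassName = prop.getProperty("driverClassName");
            url = prop.getProperty("url");
            user = prop.getProperty("user");
            password = prop.getProperty("password");
            if (driverClassName == null) {
                throw new IllegalStateException("driverClassName is missing from mydb.properties");
            }
            // 1. Register the driver.
            Class.forName(driverClassName);
        } catch (Exception e) {
            initFailure = e;
            // Only the exception is reported; the loaded credentials are never printed.
            System.err.println("JDBCUtils: could not initialise from mydb.properties: " + e);
        }
    }

    /**
     * Opens a new connection using the settings loaded at class initialisation.
     *
     * @return a fresh connection; the caller is responsible for closing it
     * @throws SQLException if the settings could not be loaded (the original failure is
     *     attached as the cause) or if the driver cannot open the connection
     */
    public static Connection getConnection() throws SQLException {
        if (initFailure != null) {
            throw new SQLException(
                    "JDBC configuration could not be loaded from mydb.properties", initFailure);
        }
        return DriverManager.getConnection(url, user, password);
    }

    /**
     * Releases JDBC resources in the order result set, statement, connection.
     * Any argument may be {@code null}. A failure while closing one resource is reported
     * and does not prevent the remaining resources from being closed.
     *
     * @param rs result set to close, or {@code null}
     * @param stat statement to close, or {@code null}
     * @param conn connection to close, or {@code null}
     */
    public static void close(ResultSet rs, Statement stat, Connection conn) {
        closeQuietly(rs);
        closeQuietly(stat);
        closeQuietly(conn);
    }

    /** Closes one resource, reporting but not propagating any failure. */
    private static void closeQuietly(AutoCloseable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (Exception e) {
            // Best-effort cleanup: keep going so the other resources are still released.
            System.err.println("JDBCUtils: failed to close resource: " + e);
        }
    }
}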
3、操作数据库的主程序如下:
package pack02_jdbc_best;
import java.sql.Connection;
import java.sql.Date;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.Time;
import javax.annotation.Generated;
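/**
 * Runs a single fixed UPDATE through {@code JDBCUtils} and reports whether any row changed.
 */
public class Demo02UtilsTest {
    /**
     * @param args unused
     * @throws SQLException if the connection cannot be opened or the update fails
     */
    public static void main(String[] args) throws SQLException {
        Connection conn = null;
        Statement stat = null;
        try {
            // 1: Get a connection. JDBCUtils parses the config file, registers the driver
            //    and opens the connection.
            conn = JDBCUtils.getConnection();
            // 2: Create the Statement object.
            stat = conn.createStatement();
            // 3: Send the SQL. A plain Statement is acceptable here only because the SQL is a
            //    constant; anything built from external input needs a PreparedStatement.
            String sql = "update category set cname = '护肤品' where cid = 3";
            int rows = stat.executeUpdate(sql);
            if (rows > 0) {
                System.out.println("更新成功");
            } else {
                System.out.println("更新失败");
            }
        } finally {
            // 5: Release resources, also when createStatement() or executeUpdate() throws.
            JDBCUtils.close(null, stat, conn);
        }
    }
}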
4、Sql注入及解决方式
PreparedStatement相比于Statement 有两个好处
- 1.sql语句会被预编译,多次执行时效率优于Statement
- 2.可以防止sql注入问题:用户输入通过占位符作为参数值绑定,不会被拼接进sql语句本身,因此无法改变语句结构
package pack03_jdbc_zhuru;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Scanner;
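/**
 * Login demo that contrasts string-built SQL with a parameterised query.
 *
 * <p>SQL injection comes from concatenating untrusted input into the statement text handed
 * to {@code Statement}. {@code PreparedStatement}, a sub-interface of {@code Statement},
 * avoids this by keeping the statement text fixed and binding the input as parameter values.
 */
public class Demo02DJDBCZhuRuPreparedStatement {
    /**
     * Reads a user name and password from standard input and attempts a login.
     *
     * @param args unused
     * @throws SQLException if the database cannot be reached or the query fails
     */
    public static void main(String[] args) throws SQLException {
        Scanner sc = new Scanner(System.in);
        System.out.println("请输入用户名:");
        String user = sc.nextLine();
        System.out.println("请输入密码:");
        String password = sc.nextLine();
        login(user, password);
    }

    /**
     * Looks up a row matching the given credentials and prints the outcome.
     *
     * @param user user name as typed; treated as untrusted input
     * @param password password as typed; treated as untrusted input
     * @throws SQLException if the connection, statement preparation or query fails
     */
    private static void login(String user, String password) throws SQLException {
        Connection conn = null;
        PreparedStatement stat = null;
        ResultSet rs = null;
        try {
            conn = JDBCUtils.getConnection();
            // Vulnerable pattern, kept only for comparison (do not use): the input becomes
            // part of the SQL text, so it can change the structure of the query.
            //   Statement stat = conn.createStatement();
            //   String sql = "select * from user where user ='"+user+"' and password='"+password+"'";
            //   ResultSet rs = stat.executeQuery(sql);

            // Fixed statement text with placeholders.
            // NOTE(review): comparing "password = ?" against the typed value implies the table
            // stores passwords in clear text; a real login would store a salted password hash
            // (bcrypt/scrypt/Argon2) and verify it in application code.
            String sql = "select * from user where user=? and password = ?";
            // Create the PreparedStatement; the incomplete SQL is processed up front.
            stat = conn.prepareStatement(sql);
            // Bind the placeholder values (1-based). setString states the intended SQL type
            // explicitly instead of leaving it to setObject's type inference.
            stat.setString(1, user);
            stat.setString(2, password);
            // Demo-only output: with the driver used in the article this prints the statement
            // including the bound values, i.e. it echoes the typed password. Remove it in any
            // code that handles real credentials.
            System.out.println("sql:" + stat);
            // Output shown in the article:
            //   normal:   select * from user where user='lft' and password = '123'
            //   abnormal: select * from user where user='xxx' and password = 'yyy\'or\'1=1'
            // The quotes in the input are escaped, so the value stays a string literal.
            // NOTE(review): whether escaping happens client-side or the statement is prepared
            // on the server depends on the driver configuration; confirm for your setup.

            // The SQL is fully determined at this point; run it.
            // Note the no-argument executeQuery(): the SQL was supplied at prepare time.
            rs = stat.executeQuery();
            if (rs.next()) {
                System.out.println("登录成功!");
            } else {
                System.out.println("登录失败!");
            }
        } finally {
            // 4: Close resources, also when preparing or executing the statement throws.
            JDBCUtils.close(rs, stat, conn);
        }
    }
}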