时间:2021-07-01 10:21:17 帮助过:9人阅读
1 //Statement 2 String id = "5"; 3 String sql = "delete from table where id=" + id; 4 Statement st = conn.createStatement(); 5 st.executeQuery(sql); 6 //存在sql注入的危险 7 //如果用户传入的id为“5 or 1=1”,那么将删除表中的所有记录
1 //PreparedStatement 有效的防止sql注入(SQL语句在程序运行前已经进行了预编译,当运行时动态地把参数传给PreprareStatement时,即使参数里有敏感字符如 or ‘1=1‘也数据库会作为一个参数一个字段的属性值来处理而不会作为一个SQL指令) 2 String sql = “insert into user (name,pwd) values(?,?)”; 3 PreparedStatement ps = conn.preparedStatement(sql); 4 ps.setString(1, “col_value”); //占位符顺序从1开始 5 ps.setString(2, “123456”); //也可以使用setObject 6 ps.executeQuery();
4.处理执行结果(ResultSet)
1 ResultSet rs = ps.executeQuery(); 2 While(rs.next()){ 3 rs.getString(“col_name”); 4 rs.getInt(1); 5 //… 6 }
5.释放资源
//数据库连接(Connection)非常耗资源,尽量晚创建,尽量早的释放
//都要加try catch 以防前面关闭出错,后面的就不执行了
1 try { 2 if (rs != null) { 3 rs.close(); 4 } 5 } catch (SQLException e) { 6 e.printStackTrace(); 7 } finally { 8 try { 9 if (st != null) { 10 st.close(); 11 } 12 } catch (SQLException e) { 13 e.printStackTrace(); 14 } finally { 15 try { 16 if (conn != null) { 17 conn.close(); 18 } 19 } catch (SQLException e) { 20 e.printStackTrace(); 21 } 22 } 23 }
四、事务(ACID特点、隔离级别、提交commit、回滚rollback)
1.批处理Batch1 package com.test. 2
3 import java.sql.Connection; 4 import java.sql.DriverManager; 5 import java.sql.SQLException; 6 import java.sql.Statement; 7 8 /** 9 * 测试ResultSet结果集的基本用法 10 */ 11 public class Demo05 { 12 public static void main(String[] args) { 13 Connection conn = null; 14 Statement stmt = null; 15 16 try { 17 Class.forName("com.mysql.jdbc.Driver"); 18 conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/testjdbc","root","mysql"); 19 20 conn.setAutoCommit(false); //设为手动提交 21 22 long start = System.currentTimeMillis(); 23 24 stmt = conn.createStatement(); 25 for (int i = 0; i < 20000; i++) { 26 stmt.addBatch("insert into t_user (userName,pwd,regTime) values (‘hao" + i + "‘,666666,now())"); 27 } 28 stmt.executeBatch(); 29 conn.commit(); //提交事务 30 31 long end = System.currentTimeMillis(); 32 System.out.println("插入200000条数据,耗时(ms):" + (end - start)); 33 34 } catch (ClassNotFoundException e) { 35 e.printStackTrace(); 36 } catch (SQLException e) { 37 e.printStackTrace(); 38 } finally{ 39 40 try { 41 if (stmt!=null) { 42 stmt.close(); 43 } 44 } catch (SQLException e) { 45 e.printStackTrace(); 46 } 47 try { 48 if (conn!=null) { 49 conn.close(); 50 } 51 } catch (SQLException e) { 52 e.printStackTrace(); 53 } 54 } 55 } 56 }
2.测试事务的基本概念和用法
1 package com.test.jdbc; 2 3 import java.sql.Connection; 4 import java.sql.DriverManager; 5 import java.sql.PreparedStatement; 6 import java.sql.SQLException; 7 8 /** 9 * 测试事务的基本概念和用法 10 */ 11 public class Demo06 { 12 public static void main(String[] args) { 13 Connection conn = null; 14 PreparedStatement ps1 = null; 15 PreparedStatement ps2 = null; 16 17 try { 18 Class.forName("com.mysql.jdbc.Driver"); 19 conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/testjdbc","root","mysql"); 20 21 conn.setAutoCommit(false); //JDBC中默认是true,自动提交事务 22 23 ps1 = conn.prepareStatement("insert into t_user(userName,pwd)values(?,?)"); //事务开始 24 ps1.setObject(1, "小高"); 25 ps1.setObject(2, "123"); 26 ps1.execute(); 27 System.out.println("第一次插入"); 28 29 try { 30 Thread.sleep(5000); 31 } catch (InterruptedException e) { 32 e.printStackTrace(); 33 } 34 35 ps2 = conn.prepareStatement("insert into t_user(userName,pwd)values(?,?,?)"); //模拟执行失败(values的参数写成三个了) 36 //insert时出现异常,执行conn.rollback 37 ps2.setObject(1, "小张"); 38 ps2.setObject(2, "678"); 39 ps2.execute(); 40 System.out.println("第二次插入"); 41 42 conn.commit(); 43 44 } catch (ClassNotFoundException e) { 45 e.printStackTrace(); 46 try { 47 conn.rollback(); 48 } catch (SQLException e1) { 49 e1.printStackTrace(); 50 } 51 } catch (SQLException e) { 52 e.printStackTrace(); 53 } finally{ 54 55 try { 56 if (ps1!=null) { 57 ps1.close(); 58 } 59 } catch (SQLException e) { 60 e.printStackTrace(); 61 } 62 try { 63 if (ps2!=null) { 64 ps2.close(); 65 } 66 } catch (SQLException e) { 67 e.printStackTrace(); 68 } 69 try { 70 if (conn!=null) { 71 conn.close(); 72 } 73 } catch (SQLException e) { 74 e.printStackTrace(); 75 } 76 } 77 } 78 }
控制台输出
1 第一次插入 2 java.sql.SQLException: No value specified for parameter 3 3 at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1078) 4 at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:989) 5 at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:975) 6 at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:920) 7 at com.mysql.jdbc.PreparedStatement.checkAllParametersSet(PreparedStatement.java:2611) 8 at com.mysql.jdbc.PreparedStatement.fillSendPacket(PreparedStatement.java:2586) 9 at com.mysql.jdbc.PreparedStatement.fillSendPacket(PreparedStatement.java:2510) 10 at com.mysql.jdbc.PreparedStatement.execute(PreparedStatement.java:1316) 11 at com.test.jdbc.Demo06.main(Demo06.java:39)
五、时间处理(Date和Time以及Timestamp区别、随机日期生成)
java.util.Date
1 package com.test.jdbc; 2 3 import java.sql.Connection; 4 import java.sql.DriverManager; 5 import java.sql.PreparedStatement; 6 import java.sql.SQLException; 7 import java.sql.Timestamp; 8 import java.util.Random; 9 10 /** 11 * 测试时间处理(java.sql.Date,Time,Timestamp) 12 */ 13 public class Demo07 { 14 public static void main(String[] args) { 15 Connection conn = null; 16 PreparedStatement ps = null; 17 18 try { 19 Class.forName("com.mysql.jdbc.Driver"); 20 conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/testjdbc","root","mysql"); 21 22 for (int i = 0; i < 1000; i++) { 23 24 ps = conn.prepareStatement("insert into t_user(userName,pwd,regTime,lastLoginTime)values(?,?,?,?)"); 25 ps.setObject(1, "小高" + i); 26 ps.setObject(2, "123"); 27 28 // 29 int random = 1000000000 + new Random().nextInt(1000000000); //随机时间 30 31 java.sql.Date date = new java.sql.Date(System.currentTimeMillis() - random); //插入随机时间 32 java.sql.Timestamp stamp = new Timestamp(System.currentTimeMillis()); //如果需要插入指定时间,可以使用Calendar、DateFormat 33 ps.setDate(3, date); 34 ps.setTimestamp(4, stamp); 35 // 36 ps.execute(); 37 } 38 39 System.out.println("插入"); 40 41 } catch (ClassNotFoundException e) { 42 e.printStackTrace(); 43 } catch (SQLException e) { 44 e.printStackTrace(); 45 } finally{ 46 47 try { 48 if (ps!=null) { 49 ps.close(); 50 } 51 } catch (SQLException e) { 52 e.printStackTrace(); 53 } 54 try { 55 if (conn!=null) { 56 conn.close(); 57 } 58 } catch (SQLException e) { 59 e.printStackTrace(); 60 } 61 } 62 } 63 }
1 package com.test.jdbc; 2 3 import java.sql.Connection; 4 import java.sql.Date; 5 import java.sql.DriverManager; 6 import java.sql.PreparedStatement; 7 import java.sql.ResultSet; 8 import java.sql.SQLException; 9 import java.text.DateFormat; 10 import java.text.ParseException; 11 import java.text.SimpleDateFormat; 12 13 /** 14 * 测试时间处理(java.sql.Date,Time,Timestamp),取出指定时间段的数据 15 */ 16 public class Demo08 { 17 18 /** 19 * 将字符串代表的时间转为long数字(格式:yyyy-MM-dd hh:mm:ss) 20 * @param dateStr 21 * @return 22 */ 23 public static long str2DateTime(String dateStr){ 24 DateFormat format = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss"); 25 26 try { 27 return format.parse(dateStr).getTime(); 28 } catch (ParseException e) { 29 e.printStackTrace(); 30 return 0; 31 } 32 } 33 34 public static void main(String[] args) { 35 Connection conn = null; 36 PreparedStatement ps = null; 37 ResultSet rs = null; 38 39 try { 40 Class.forName("com.mysql.jdbc.Driver"); 41 conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/testjdbc","root","mysql"); 42 43 // 44 ps = conn.prepareStatement("select * from t_user where regTime > ? and regTime < ?"); 45 java.sql.Date start = new java.sql.Date(str2DateTime("2016-06-20 00:00:00")); 46 java.sql.Date end = new java.sql.Date(str2DateTime("2016-06-24 00:00:00")); 47 48 ps.setObject(1, start); 49 ps.setObject(2, end); 50 51 rs = ps.executeQuery(); 52 while(rs.next()){ 53 System.out.println(rs.getInt("id") + "--" + rs.getString("userName")+"--"+rs.getDate("regTime")); 54 } 55 // 56 57 } catch (ClassNotFoundException e) { 58 e.printStackTrace(); 59 } catch (SQLException e) { 60 e.printStackTrace(); 61 } finally{ 62 63 try { 64 if (ps!=null) { 65 ps.close(); 66 } 67 } catch (SQLException e) { 68 e.printStackTrace(); 69 } 70 try { 71 if (conn!=null) { 72 conn.close(); 73 } 74 } catch (SQLException e) { 75 e.printStackTrace(); 76 } 77 } 78 } 79 }
六、CLOB文本大对象操作
1 package com.test.jdbc; 2 3 import java.io.BufferedReader; 4 import java.io.ByteArrayInputStream; 5 import java.io.File; 6 import java.io.FileReader; 7 import java.io.InputStreamReader; 8 import java.io.Reader; 9 import java.sql.Clob; 10 import java.sql.Connection; 11 import java.sql.DriverManager; 12 import java.sql.PreparedStatement; 13 import java.sql.ResultSet; 14 import java.sql.SQLException; 15 16 /** 17 * 测试CLOB 文本大对象的使用 18 * 包含:将字符串、文件内容插入数据库中的CLOB字段和将CLOB字段值取出来的操作。 19 */ 20 public class Demo09 { 21 public static void main(String[] args) { 22 Connection conn = null; 23 PreparedStatement ps = null; 24 PreparedStatement ps2 = null; 25 ResultSet rs = null; 26 Reader r = null; 27 28 try { 29 Class.forName("com.mysql.jdbc.Driver"); 30 conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/testjdbc","root","mysql"); 31 32 //插入// 33 ps = conn.prepareStatement("insert into t_user(userName,myInfo)values(?,?)"); 34 ps.setString(1, "小高"); 35 36 //将文本文件内容直接输入到数据库中 37 // ps.setClob(2, new FileReader(new File("G:/JAVA/test/a.txt"))); 38 39 //将程序中的字符串输入到数据库中的CLOB字段中 40 ps.setClob(2, new BufferedReader(new InputStreamReader(new ByteArrayInputStream("aaaa".getBytes())))); 41 42 ps.executeUpdate(); 43 System.out.println("插入"); 44 // 45 46 //查询// 47 ps2 = conn.prepareStatement("select * from t_user where id=?"); 48 ps2.setObject(1, 223021); 49 50 rs = ps2.executeQuery(); 51 System.out.println("查询"); 52 while (rs.next()) { 53 Clob c = rs.getClob("myInfo"); 54 r = c.getCharacterStream(); 55 int temp = 0; 56 while ((temp=r.read())!=-1) { 57 System.out.print((char)temp); 58 } 59 } 60 61 } catch (ClassNotFoundException e) { 62 e.printStackTrace(); 63 } catch (Exception e) { 64 e.printStackTrace(); 65 } finally{ 66 67 try { 68 if (r!=null) { 69 r.close(); 70 } 71 } catch (Exception e) { 72 e.printStackTrace(); 73 } 74 try { 75 if (rs!=null) { 76 rs.close(); 77 } 78 } catch (SQLException e) { 79 e.printStackTrace(); 80 } 81 try { 82 if (ps2!=null) { 83 ps2.close(); 84 } 85 } catch (SQLException e) { 86 e.printStackTrace(); 87 } 88 try { 89 if (ps!=null) { 90 ps.close(); 91 } 92 } catch (SQLException e) { 93 e.printStackTrace(); 94 } 95 try { 96 if (conn!=null) { 97 conn.close(); 98 } 99 } catch (SQLException e) { 100 e.printStackTrace(); 101 } 102 } 103 } 104 }
七、BLOB二进制大对象的使用
1 package com.test.jdbc; 2 3 import java.io.FileInputStream; 4 import java.io.FileOutputStream; 5 import java.io.InputStream; 6 import java.io.OutputStream; 7 import java.sql.Blob; 8 import java.sql.Connection; 9 import java.sql.DriverManager; 10 import java.sql.PreparedStatement; 11 import java.sql.ResultSet; 12 import java.sql.SQLException; 13 14 /** 15 * 测试BLOB 二进制大对象的使用 16 */ 17 public class Demo10 { 18 public static void main(String[] args) { 19 Connection conn = null; 20 PreparedStatement ps = null; 21 PreparedStatement ps2 = null; 22 ResultSet rs = null; 23 InputStream is = null; 24 OutputStream os = null; 25 26 try { 27 Class.forName("com.mysql.jdbc.Driver"); 28 conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/testjdbc","root","mysql"); 29 30 //插入// 31 ps = conn.prepareStatement("insert into t_user(userName,headImg)values(?,?)"); 32 ps.setString(1, "小高"); 33 ps.setBlob(2, new FileInputStream("G:/JAVA/test/d.jpg")); 34 ps.execute(); 35 // 36 37 //查询// 38 ps2 = conn.prepareStatement("select * from t_user where id=?"); 39 ps2.setObject(1, 223024); 40 41 rs = ps2.executeQuery(); 42 System.out.println("查询"); 43 while (rs.next()) { 44 Blob b = rs.getBlob("headImg"); 45 is = b.getBinaryStream(); 46 os = new FileOutputStream("G:/JAVA/test/h.jpg"); 47 48 int temp = 0; 49 while ((temp=is.read())!=-1) { 50 os.write(temp); 51 } 52 } 53 54 } catch (ClassNotFoundException e) { 55 e.printStackTrace(); 56 } catch (Exception e) { 57 e.printStackTrace(); 58 } finally{ 59 60 try { 61 if (os!=null) { 62 os.close(); 63 } 64 } catch (Exception e) { 65 e.printStackTrace(); 66 } 67 try { 68 if (is!=null) { 69 is.close(); 70 } 71 } catch (Exception e) { 72 e.printStackTrace(); 73 } 74 try { 75 if (rs!=null) { 76 rs.close(); 77 } 78 } catch (SQLException e) { 79 e.printStackTrace(); 80 } 81 try { 82 if (ps2!=null) { 83 ps2.close(); 84 } 85 } catch (SQLException e) { 86 e.printStackTrace(); 87 } 88 try { 89 if (ps!=null) { 90 ps.close(); 91 } 92 } catch (SQLException e) { 93 e.printStackTrace(); 94 } 95 try { 96 if (conn!=null) { 97 conn.close(); 98 } 99 } catch (SQLException e) { 100 e.printStackTrace(); 101 } 102 } 103 } 104 }
八、总结(简单封装、资源文件properties处理连接信息)
db.properties
1 #右击该properties文件--properties--Resource--Text file encoding,选中other,选择其它编码方式。 2 #如UTF-8或GBK,这样就能在properties里面输入中文,而不会自动转成Unicode了。 3 4 #java中的properties文件是一种配置文件,主要用于表达配置信息。 5 #文件类型为*.properties,格式为文本文件,文件内容是"键=值"的格式。 6 #在properties文件中,可以用"#"来作注释 7 8 #MySQL连接配置 9 mysqlDriver=com.mysql.jdbc.Driver 10 mysqlURL=jdbc:mysql://localhost:3306/testjdbc 11 mysqlUser=root 12 mysqlPwd=mysql 13 14 #Oracle连接配置 15 #...
JDBCUtil工具类
1 package com.test.jdbc; 2 3 import java.io.IOException; 4 import java.sql.Connection; 5 import java.sql.DriverManager; 6 import java.sql.ResultSet; 7 import java.sql.SQLException; 8 import java.sql.Statement; 9 import java.util.Properties; 10 11 public class JDBCUtil { 12 13 static Properties pros = null; //可以帮助读取和处理资源文件中的信息 14 15 static { //加载JDBCUtil类的时候调用 16 pros = new Properties(); 17 try { 18 pros.load(Thread.currentThread().getContextClassLoader().getResourceAsStream("db.properties")); 19 } catch (IOException e) { 20 e.printStackTrace(); 21 } 22 } 23 24 public static Connection getMysqlConn(){ 25 try { 26 Class.forName(pros.getProperty("mysqlDriver")); 27 return DriverManager.getConnection(pros.getProperty("mysqlURL"), 28 pros.getProperty("mysqlUser"),pros.getProperty("mysqlPwd")); 29 } catch (Exception e) { 30 e.printStackTrace(); 31 return null; 32 } 33 } 34 //可以重载多个,这里就懒得写了 35 public static void close(ResultSet rs,Statement st,Connection conn){ 36 37 try { 38 if (rs!=null) { 39 rs.close(); 40 } 41 } catch (SQLException e) { 42 e.printStackTrace(); 43 } 44 try { 45 if (st!=null) { 46 st.close(); 47 } 48 } catch (SQLException e) { 49 e.printStackTrace(); 50 } 51 try { 52 if (conn!=null) { 53 conn.close(); 54 } 55 } catch (SQLException e) { 56 e.printStackTrace(); 57 } 58 } 59 }
测试使用JDBCUtil工具类来简化JDBC开发
1 package com.test.jdbc; 2 3 import java.sql.Connection; 4 import java.sql.PreparedStatement; 5 import java.sql.ResultSet; 6 7 /** 8 * 测试使用JDBCUtil工具类来简化JDBC开发 9 */ 10 public class Demo11 { 11 public static void main(String[] args) { 12 Connection conn = null; 13 PreparedStatement ps = null; 14 ResultSet rs = null; 15 16 try { 17 conn = JDBCUtil.getMysqlConn(); 18 19 ps = conn.prepareStatement("insert into t_user (userName) values (?)"); 20 ps.setString(1, "小高高"); 21 ps.execute(); 22 23 } catch (Exception e) { 24 e.printStackTrace(); 25 } finally{ 26 JDBCUtil.close(rs, ps, conn); 27 } 28 } 29 }分类: JDBC 标签: jdbc, java, 数据库
JDBC详解<转>
标签:png -- 字段 特点 img sql注入 clob lte category