JDBC connection and operations on MySQL: direct operation and preprocessing method
Steps:
1. Load the MySQL JDBC driver
Class.forName("com.mysql.jdbc.Driver");
2. Connect to the database
con = DriverManager.getConnection(url, username, pwd);
3. Get a Statement
stmt = con.createStatement();
4. Write the SQL statement you want to execute
e.g.: String sql = "select * from student";
5. Operate on the database
For the sake of understanding, the following is the content of the database I operate on:
package com.wql.jdbc;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * @author wql
 */
public class jdbc {
    public static void main(String[] args) {
        // Load the MySQL JDBC driver
        // (Connector/J 8 and later name the class com.mysql.cj.jdbc.Driver)
        try {
            Class.forName("com.mysql.jdbc.Driver");
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        }
        Connection con = null;
        Statement stmt = null;
        ResultSet result = null;
        PreparedStatement pstm = null; // preprocessing (prepared statement)
        String url = "jdbc:mysql://localhost:3306/work"; // location of the database
        String username = "root"; // database user name
        String pwd = "123456"; // database password
        try {
            // Connect to the database
            con = DriverManager.getConnection(url, username, pwd);
            // Get a Statement
            stmt = con.createStatement();
            // Write the SQL statement to execute
            String sql = "select * from student";
            // Get the result set produced by executing the SQL statement
            result = stmt.executeQuery(sql);
            // Print the database content to the console
            System.out.println("学号" + " 姓名" + " 年 龄 " + " 性别");
            while (result.next()) {
                // Index 1 is the first column of the table; the type of each
                // receiving variable must match the type of the column
                int id = result.getInt(1);
                String name = result.getString(2);
                String age = result.getString(3);
                String sex = result.getString(4);
                System.out.println(" " + id + " " + name + " " + age + " " + sex); // see Screenshot 1 below
            }
            // Insert a row into the table with a Statement
            String sql2 = "insert into student values(9,\"李丽\",\"1990-12-25\",\"女\")";
            stmt.executeUpdate(sql2); // update the data; see Screenshot 2 below
            // Operating on the database with a Statement as above is cumbersome;
            // in some situations the preprocessing method can be used instead
            String sql3 = "insert into student values(?,?,?,?)"; // insert a row
            pstm = con.prepareStatement(sql3);
            // The first argument (1) is the 1st column of the table; the second
            // argument (10) is the value to insert into that column
            pstm.setInt(1, 10);
            pstm.setString(2, "流星雨");
            pstm.setString(3, "1998-02-03");
            pstm.setString(4, "男");
            pstm.executeUpdate(); // see the verification screenshot below
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            // Close the JDBC resources in reverse order of creation
            for (AutoCloseable c : new AutoCloseable[] { result, pstm, stmt, con }) {
                try { if (c != null) c.close(); } catch (Exception e) { e.printStackTrace(); }
            }
        }
    }
}
Screenshot 1:
Screenshot 2:
Screenshot 3:
The database operations above can be generalized to other cases. The point to focus on is the benefit of preprocessing:
JDBC preprocessing (PreparedStatement) can prevent SQL injection and improve security. The SQL statement is precompiled: the database has analyzed, compiled and optimized it before the program first operates on the database at runtime, the corresponding execution plan is cached, and the database can run the query in parameterized form. When parameters are passed to the PreparedStatement dynamically at runtime, even if they contain sensitive characters such as or '1=1', the database treats them as a parameter, that is, as a field attribute value, instead of as an SQL command. In this way, preprocessing prevents SQL injection.
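The difference described above, as an added example that is not code from the original page: the same lookup on the page's student table, once with a concatenated Statement and once with a PreparedStatement. The column name `name`, the class and method names and the input string are assumptions; the connection settings are the ones the page uses.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class InjectionDemo {
    // Vulnerable: the input is concatenated into the SQL text, so a quote in it
    // ends the string literal and the rest of the input is parsed as SQL.
    static int countByNameUnsafe(Connection con, String name) throws SQLException {
        String sql = "select count(*) from student where name = '" + name + "'";
        try (Statement stmt = con.createStatement();
             ResultSet rs = stmt.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // Hardened: the SQL text is fixed; the input is bound as the value of the
    // single ? placeholder and is only ever compared with the name column.
    static int countByNameSafe(Connection con, String name) throws SQLException {
        String sql = "select count(*) from student where name = ?";
        try (PreparedStatement pstm = con.prepareStatement(sql)) {
            pstm.setString(1, name);
            try (ResultSet rs = pstm.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Connection settings taken from the page's example.
        String url = "jdbc:mysql://localhost:3306/work";
        // Constructed input; assumes no student actually has this name.
        String input = "nobody' or '1'='1";
        try (Connection con = DriverManager.getConnection(url, "root", "123456")) {
            // The where clause becomes name = 'nobody' or '1'='1', true for every row.
            System.out.println("Statement:         " + countByNameUnsafe(con, input));
            // The whole input string is compared with name, so the filter still applies.
            System.out.println("PreparedStatement: " + countByNameSafe(con, input));
        }
    }
}
```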