- 下载jdbc jar包,中央仓库下载
https://mvnrepository.com/artifact/mysql/mysql-connector-java/8.0.24
- 项目导入
右键jar包,然后add as library
- 数据库操作
3.1连接数据库
package com.heima.jdbc;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;
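public class JDBCDemo {
    /**
     * Connects to the local {@code db1} database and runs a single UPDATE,
     * printing the number of affected rows.
     *
     * @param args unused
     * @throws Exception any driver or SQL error is propagated to the caller
     */
    public static void main(String[] args) throws Exception {
        // 1. Driver registration: no longer needed, the driver is loaded automatically.
        // Class.forName("com.mysql.jdbc.Driver");
        // 2. Connection parameters.
        // NOTE(review): hard-coded credentials are acceptable for a local demo only;
        // real code should read them from configuration or the environment, not source.
        String url = "jdbc:mysql://127.0.0.1:3306/db1";
        String username = "root";
        String password = "hexiong";
        // 3. The SQL to run (a fixed statement with no user input).
        String sql = "update account set money = 2000 where id = 1";
        // 4. try-with-resources closes stmt and conn (in reverse order) even when
        // executeUpdate throws; the original only closed them on the success path.
        try (Connection conn = DriverManager.getConnection(url, username, password);
             Statement stmt = conn.createStatement()) {
            // 5. Execute the update; the return value is the affected-row count.
            int count = stmt.executeUpdate(sql);
            // 6. Report the result.
            System.out.println(count);
        }
        // 7. Resources are released by try-with-resources.
    }
}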
说明
Connection对象
获取执行sql对象
3.2 事务管理
Connection 定义了三个方法来管理事务：setAutoCommit(false) 开启事务，commit() 提交，rollback() 回滚。
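// Transaction demo. conn, stmt, sql1 and sql2 are defined by the enclosing code
// (not shown here); both updates must either succeed together or be rolled back.
try {
    // Turn off auto-commit so the two updates form one transaction.
    conn.setAutoCommit(false);
    int count1 = stmt.executeUpdate(sql1);
    int count2 = stmt.executeUpdate(sql2);
    System.out.println(count1);
    System.out.println(count2);
    // Commit only after both statements ran without error.
    conn.commit();
} catch (Exception throwables) {
    // Undo any partial change from the first update before reporting the error.
    conn.rollback();
    // Best-effort reporting, as in the original; a real application would log and rethrow.
    throwables.printStackTrace();
} finally {
    // Restore the connection's default mode so later code on this connection
    // does not silently keep running inside an open transaction.
    conn.setAutoCommit(true);
}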
Statement对象
ResultSet对象
3.3 JDBC执行DQL数据查询
@Test单元测试,单元测试需要安装两个jar包
核心语句：ResultSet rs = stmt.executeQuery(sql);
package com.itheima.jdbc;
import org.junit.Test;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
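public class JDBCDemo_ResultSet {
    /**
     * Reads every row of {@code account} and prints its first three columns.
     *
     * @throws Exception any driver or SQL error is propagated to the test runner
     */
    @Test
    public void testDQL() throws Exception {
        // 1. Driver registration is no longer needed; the driver is loaded automatically.
        // Class.forName("com.mysql.jdbc.Driver");
        // 2. Connection parameters (demo values; keep real credentials out of source).
        String url = "jdbc:mysql://127.0.0.1:3306/db1";
        String username = "root";
        String password = "hexiong";
        // 3. The query to run (a fixed statement with no user input).
        String sql = "SELECT * from account";
        // 4./5. try-with-resources closes rs, stmt and conn in reverse order even if a
        // call throws; the original closed them only on the success path.
        // executeQuery returns a cursor over the result rows, not an affected-row count.
        try (Connection conn = DriverManager.getConnection(url, username, password);
             Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery(sql)) {
            // 6. The cursor starts before the first row; next() advances it and
            // returns false once the rows are exhausted.
            while (rs.next()) {
                int id = rs.getInt(1);
                String name = rs.getString(2);
                int money = rs.getInt(3);
                System.out.println(id);
                System.out.println(name);
                System.out.println(money);
                System.out.println("+++++++++++++++++++++++");
            }
        }
        // 7. Resources are released by try-with-resources.
    }
}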
练习:
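@Test
/**
 * Reads every row of {@code account} into {@code Account} objects and prints the list.
 *
 * @throws Exception any driver or SQL error is propagated to the test runner
 */
public void testResultSet() throws Exception {
    // 1. Driver registration is no longer needed; the driver is loaded automatically.
    // Class.forName("com.mysql.jdbc.Driver");
    // 2. Connection parameters (demo values; keep real credentials out of source).
    String url = "jdbc:mysql://127.0.0.1:3306/db1";
    String username = "root";
    String password = "hexiong";
    // 3. The query to run (a fixed statement with no user input).
    String sql = "SELECT * from account";
    // Collects one Account per result row.
    List<Account> list = new ArrayList<Account>();
    // 4./5. try-with-resources closes rs, stmt and conn in reverse order even if a
    // call throws; the original closed them only on the success path.
    // executeQuery returns a cursor over the result rows, not an affected-row count.
    try (Connection conn = DriverManager.getConnection(url, username, password);
         Statement stmt = conn.createStatement();
         ResultSet rs = stmt.executeQuery(sql)) {
        // 6. Map each row (by column position) onto an Account.
        while (rs.next()) {
            Account account = new Account();
            int id = rs.getInt(1);
            String name = rs.getString(2);
            int money = rs.getInt(3);
            account.setId(id);
            account.setName(name);
            account.setMoney(money);
            list.add(account);
        }
    }
    System.out.println(list);
    // 7. Resources are released by try-with-resources.
}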
3.4 PreparedStatement
执行 SQL 语句的对象，可以预防 SQL 注入。
模拟sql注入
// DELIBERATELY VULNERABLE demo: the query is built by string concatenation, so the
// value of pwd becomes part of the SQL text instead of being treated as data.
// It is kept exactly as written because the page contrasts it with the
// PreparedStatement version that follows; never copy this pattern into real code.
public void testResultSet() throws Exception {
// 1. Driver registration is no longer needed; the driver is loaded automatically.
// Class.forName("com.mysql.jdbc.Driver");
// 2. Connection parameters (demo values; keep real credentials out of source).
String url = "jdbc:mysql://127.0.0.1:3306/db1";
String username = "root";
String password = "hexiong";
// 3. Build the SQL. In a real login these two values would come from the user.
String name = "zhangsan";
// String pwd = "123";
String pwd = "' or '1' = '1"; // SQL injection payload: closes the quoted literal and appends an always-true condition
// The defect: untrusted input is concatenated into the statement text.
String sql = "SELECT * from user where name='" + name +"'and password='" + pwd +"'";
System.out.println(sql);
// 4. A plain Statement executes the text as-is; it cannot tell data from SQL structure.
Statement stmt = conn.createStatement();
// 5. Execute the query; it returns a cursor over the matching rows, not an affected-row count.
ResultSet rs = stmt.executeQuery(sql);
// 6. Because the injected condition is always true, a row is returned even with the wrong password,
// so this branch reports a successful login for an attacker who knows only the user name.
if(rs.next())
{
System.out.println("登录成功");
}
else {
System.out.println("登录失败");
}
// 7. Release resources. NOTE(review): these are skipped if executeQuery throws;
// try-with-resources would close them on every path.
rs.close();
stmt.close();
conn.close();
}
分析：打印出的执行语句如下。注入的本质是利用了拼接进查询条件的字符串：`or '1' = '1'` 使整个 where 条件恒为真。
SELECT * from user where name='zhangsan'and password='' or '1' = '1'
PreparedStatement 防sql注入
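/**
 * Login check using a parameterised query: the user-supplied values are bound to
 * {@code ?} placeholders, so they can never change the structure of the SQL.
 *
 * @throws Exception any driver or SQL error is propagated to the caller
 */
public void testResultSet() throws Exception {
    // 1. Driver registration is no longer needed; the driver is loaded automatically.
    // Class.forName("com.mysql.jdbc.Driver");
    // 2. Connection parameters (demo values; keep real credentials out of source).
    String url = "jdbc:mysql://127.0.0.1:3306/db1";
    String username = "root";
    String password = "hexiong";
    // 3. SQL with placeholders. A value such as "' or '1' = '1" bound to a '?' is
    // compared literally instead of rewriting the WHERE clause.
    String name = "zhangsan";
    String pwd = "1234";
    String sql = "SELECT * from user where name=? and password=?";
    System.out.println(sql);
    // NOTE(review): comparing the raw password inside the query implies it is stored
    // in clear text; production code should store a salted hash (bcrypt/argon2) and
    // verify it in application code.
    // try-with-resources closes rs, pstmt and conn in reverse order even if a call
    // throws; the original closed them only on the success path.
    try (Connection conn = DriverManager.getConnection(url, username, password);
         PreparedStatement pstmt = conn.prepareStatement(sql)) {
        // 4. Bind the parameters (positions are 1-based).
        pstmt.setString(1, name);
        pstmt.setString(2, pwd);
        // 5. Execute. No SQL string is passed here: the statement text was fixed in
        // prepareStatement and only the bound values vary.
        try (ResultSet rs = pstmt.executeQuery()) {
            // 6. A matching row means the credentials were accepted.
            if (rs.next()) {
                System.out.println("登录成功");
            } else {
                System.out.println("登录失败");
            }
        }
    }
    // 7. Resources are released by try-with-resources.
}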
说明:
使用 PreparedStatement 的本质工作原理是对参数进行转义：name、pwd 中的特殊字符会被转义，因此参数只能作为数据参与比较，不会改变 SQL 语句的结构。