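// Statement: ANTI-PATTERN, shown on purpose. The SQL text is assembled by string
// concatenation, so the value of `id` becomes part of the statement itself.
// If a user supplies "5 or 1=1" as the id, the WHERE clause is always true and every
// record in the table is deleted (SQL injection).
String id = "5";
String sql = "delete from table where id=" + id;
Statement st = conn.createStatement();
// DELETE modifies data and returns no ResultSet, so it is run with executeUpdate();
// executeQuery() is reserved for statements that produce a single ResultSet.
st.executeUpdate(sql);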
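// PreparedStatement prevents SQL injection: the SQL text holds only `?` placeholders and
// the values are bound separately, so even input containing text such as "or '1=1'" is
// treated by the database as one column value and never as SQL.
// Placeholders can stand only for values. Table names, column names and keywords cannot be
// bound, so anything of that kind that varies must be chosen from a fixed allow-list.
String sql = "insert into user (name,pwd) values(?,?)";
PreparedStatement ps = conn.prepareStatement(sql);
ps.setString(1, "col_value"); // placeholder indexes start at 1
ps.setString(2, "123456");    // setObject can be used as well
// INSERT modifies data and returns no ResultSet, so use executeUpdate(), not executeQuery().
ps.executeUpdate();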
4.处理执行结果(ResultSet)
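// Run the query and walk the result set one row at a time.
ResultSet rs = ps.executeQuery();
while (rs.next()) {
    rs.getString("col_name"); // read a column by its label
    rs.getInt(1);             // or by its 1-based position
    // ...
}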
5.释放资源
//数据库连接(Connection)非常耗资源,尽量晚创建,尽量早的释放
//都要加try catch 以防前面关闭出错,后面的就不执行了
// Release in reverse order of creation: ResultSet, then Statement, then Connection.
// Each close() sits in the finally of the previous one, so a failure while closing an
// earlier resource never prevents the later ones from being closed.
try {
    if (rs != null) {
        rs.close();
    }
} catch (SQLException rsCloseError) {
    rsCloseError.printStackTrace();
} finally {
    try {
        if (st != null) {
            st.close();
        }
    } catch (SQLException stCloseError) {
        stCloseError.printStackTrace();
    } finally {
        try {
            if (conn != null) {
                conn.close();
            }
        } catch (SQLException connCloseError) {
            connCloseError.printStackTrace();
        }
    }
}
四、事务(ACID特点、隔离级别、提交commit、回滚rollback)



1.批处理Batch1 package com.test. 2
3 import java.sql.Connection;
4 import java.sql.DriverManager;
5 import java.sql.SQLException;
6 import java.sql.Statement;
7
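/**
 * Demonstrates JDBC batch processing: queues INSERT statements with
 * {@code Statement.addBatch} and sends them inside one manually committed transaction.
 */
public class Demo05 {

    /** Number of rows queued in the batch; also reported in the timing message. */
    private static final int ROW_COUNT = 20000;

    /**
     * Connects to the local test database, runs the batch insert and prints the elapsed time.
     * If the batch fails, the transaction is rolled back before the connection is closed.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        Connection conn = null;
        Statement stmt = null;

        try {
            Class.forName("com.mysql.jdbc.Driver");
            // Demo-only credentials for a local test database. Outside a tutorial, connect
            // with a least-privilege account and load the password from configuration.
            conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/testjdbc","root","mysql");

            conn.setAutoCommit(false); // switch to manual commit

            long start = System.currentTimeMillis();

            stmt = conn.createStatement();
            for (int i = 0; i < ROW_COUNT; i++) {
                // Only the int loop counter is concatenated here, so this string cannot carry
                // injected SQL. Any externally supplied value must instead be bound through
                // PreparedStatement placeholders. The literal pwd is sample data.
                stmt.addBatch("insert into t_user (userName,pwd,regTime) values ('hao" + i + "',666666,now())");
            }
            stmt.executeBatch();
            conn.commit(); // commit the transaction

            long end = System.currentTimeMillis();
            // The reported row count is taken from ROW_COUNT so it always matches the loop.
            System.out.println("插入" + ROW_COUNT + "条数据,耗时(ms):" + (end - start));

        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (SQLException e) {
            e.printStackTrace();
            // Auto-commit is off: undo the partial work explicitly instead of relying on
            // whatever the driver does when the connection is closed.
            if (conn != null) {
                try {
                    conn.rollback();
                } catch (SQLException rollbackError) {
                    rollbackError.printStackTrace();
                }
            }
        } finally {
            // Close the statement first, then the connection; each close is guarded
            // separately so one failure does not skip the other.
            try {
                if (stmt != null) {
                    stmt.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
            try {
                if (conn != null) {
                    conn.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
}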
2.测试事务的基本概念和用法
1 package com.test.jdbc;
2
3 import java.sql.Connection;
4 import java.sql.DriverManager;
5 import java.sql.PreparedStatement;
6 import java.sql.SQLException;
7
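/**
 * Demonstrates the basic use of a JDBC transaction: two inserts run with auto-commit
 * switched off, the second one fails on purpose, and the failure rolls the first one back.
 */
public class Demo06 {

    /**
     * Runs the two inserts inside one transaction against the local test database.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        Connection conn = null;
        PreparedStatement ps1 = null;
        PreparedStatement ps2 = null;

        try {
            Class.forName("com.mysql.jdbc.Driver");
            // Demo-only credentials for a local test database.
            conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/testjdbc","root","mysql");

            conn.setAutoCommit(false); // JDBC defaults to true (every statement auto-commits)

            // The transaction starts with the first statement.
            ps1 = conn.prepareStatement("insert into t_user(userName,pwd)values(?,?)");
            ps1.setObject(1, "小高");
            ps1.setObject(2, "123");
            ps1.execute();
            System.out.println("第一次插入");

            try {
                Thread.sleep(5000);
            } catch (InterruptedException e) {
                e.printStackTrace();
            }

            // Simulated failure: the VALUES list has three placeholders but only two are set,
            // so execute() throws SQLException and the catch block below rolls back.
            ps2 = conn.prepareStatement("insert into t_user(userName,pwd)values(?,?,?)");
            ps2.setObject(1, "小张");
            ps2.setObject(2, "678");
            ps2.execute();
            System.out.println("第二次插入");

            conn.commit();

        } catch (ClassNotFoundException e) {
            // The driver class could not be loaded: no connection exists yet, so there is
            // nothing to roll back.
            e.printStackTrace();
        } catch (SQLException e) {
            e.printStackTrace();
            // A statement failed inside the transaction: undo the first insert as well.
            if (conn != null) {
                try {
                    conn.rollback();
                } catch (SQLException e1) {
                    e1.printStackTrace();
                }
            }
        } finally {
            // Close both statements, then the connection; each close is guarded separately.
            try {
                if (ps1 != null) {
                    ps1.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
            try {
                if (ps2 != null) {
                    ps2.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
            try {
                if (conn != null) {
                    conn.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
}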
控制台输出
1 第一次插入 2 java.sql.SQLException: No value specified for parameter 3 3 at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1078) 4 at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:989) 5 at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:975) 6 at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:920) 7 at com.mysql.jdbc.PreparedStatement.checkAllParametersSet(PreparedStatement.java:2611) 8 at com.mysql.jdbc.PreparedStatement.fillSendPacket(PreparedStatement.java:2586) 9 at com.mysql.jdbc.PreparedStatement.fillSendPacket(PreparedStatement.java:2510) 10 at com.mysql.jdbc.PreparedStatement.execute(PreparedStatement.java:1316) 11 at com.test.jdbc.Demo06.main(Demo06.java:39)
五、时间处理(Date和Time以及Timestamp区别、随机日期生成)
java.util.Date
1 package com.test.jdbc;
2
3 import java.sql.Connection;
4 import java.sql.DriverManager;
5 import java.sql.PreparedStatement;
6 import java.sql.SQLException;
7 import java.sql.Timestamp;
8 import java.util.Random;
9
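/**
 * Demonstrates writing time values through JDBC: inserts rows whose regTime is a
 * {@code java.sql.Date} at a random point in the past and whose lastLoginTime is the
 * current {@code java.sql.Timestamp}.
 */
public class Demo07 {

    /**
     * Inserts 1000 rows into t_user in the local test database.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        Connection conn = null;
        PreparedStatement ps = null;

        try {
            Class.forName("com.mysql.jdbc.Driver");
            // Demo-only credentials for a local test database.
            conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/testjdbc","root","mysql");

            // Prepare the statement once and re-bind it on every iteration. Preparing it
            // inside the loop would leave all but the last statement unclosed.
            ps = conn.prepareStatement("insert into t_user(userName,pwd,regTime,lastLoginTime)values(?,?,?,?)");
            // java.util.Random is enough here: the value only spreads sample dates and is
            // not used for anything security-related.
            Random rnd = new Random();

            for (int i = 0; i < 1000; i++) {
                ps.setObject(1, "小高" + i);
                ps.setObject(2, "123"); // sample data only

                // Random offset in milliseconds, between 1000000000 and 1999999999.
                int random = 1000000000 + rnd.nextInt(1000000000);

                // regTime: the current time minus the random offset.
                java.sql.Date date = new java.sql.Date(System.currentTimeMillis() - random);
                // lastLoginTime: now. A specific instant can be built with Calendar or DateFormat.
                java.sql.Timestamp stamp = new Timestamp(System.currentTimeMillis());
                ps.setDate(3, date);
                ps.setTimestamp(4, stamp);

                ps.execute();
            }

            System.out.println("插入");

        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            // Close the statement, then the connection; each close is guarded separately.
            try {
                if (ps != null) {
                    ps.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
            try {
                if (conn != null) {
                    conn.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
}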
1 package com.test.jdbc;
2
3 import java.sql.Connection;
4 import java.sql.Date;
5 import java.sql.DriverManager;
6 import java.sql.PreparedStatement;
7 import java.sql.ResultSet;
8 import java.sql.SQLException;
9 import java.text.DateFormat;
10 import java.text.ParseException;
11 import java.text.SimpleDateFormat;
12
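/**
 * Demonstrates reading rows by time range through JDBC: selects the t_user rows whose
 * regTime lies between two bound dates.
 */
public class Demo08 {

    /**
     * Converts a date-time string to milliseconds since the epoch.
     *
     * <p>The pattern uses {@code HH} (hour of day, 0-23). With {@code hh} (hour in am/pm)
     * an input hour of 12 is read as 12 AM, so "12:30:00" would come back as 00:30.
     *
     * @param dateStr text in the form {@code yyyy-MM-dd HH:mm:ss}, read in the default time zone
     * @return the epoch milliseconds, or 0 when the text cannot be parsed
     */
    public static long str2DateTime(String dateStr){
        // SimpleDateFormat is not thread-safe, so a fresh instance is created per call.
        DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");

        try {
            return format.parse(dateStr).getTime();
        } catch (ParseException e) {
            e.printStackTrace();
            return 0;
        }
    }

    /**
     * Queries the local test database for users registered inside a fixed date range and
     * prints id, userName and regTime for each row.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        Connection conn = null;
        PreparedStatement ps = null;
        ResultSet rs = null;

        try {
            Class.forName("com.mysql.jdbc.Driver");
            // Demo-only credentials for a local test database.
            conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/testjdbc","root","mysql");

            // Both range bounds are bound as parameters, never concatenated into the SQL.
            ps = conn.prepareStatement("select * from t_user where regTime > ? and regTime < ?");
            java.sql.Date start = new java.sql.Date(str2DateTime("2016-06-20 00:00:00"));
            java.sql.Date end = new java.sql.Date(str2DateTime("2016-06-24 00:00:00"));

            ps.setObject(1, start);
            ps.setObject(2, end);

            rs = ps.executeQuery();
            while (rs.next()) {
                System.out.println(rs.getInt("id") + "--" + rs.getString("userName")+"--"+rs.getDate("regTime"));
            }

        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            // Close the ResultSet, the statement, then the connection; each close is
            // guarded separately so one failure does not skip the others.
            try {
                if (rs != null) {
                    rs.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
            try {
                if (ps != null) {
                    ps.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
            try {
                if (conn != null) {
                    conn.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
}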
六、CLOB文本大对象操作

1 package com.test.jdbc;
2
3 import java.io.BufferedReader;
4 import java.io.ByteArrayInputStream;
5 import java.io.File;
6 import java.io.FileReader;
7 import java.io.InputStreamReader;
8 import java.io.Reader;
9 import java.sql.Clob;
10 import java.sql.Connection;
11 import java.sql.DriverManager;
12 import java.sql.PreparedStatement;
13 import java.sql.ResultSet;
14 import java.sql.SQLException;
15
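/**
 * Demonstrates CLOB (character large object) handling: writes a string into a CLOB
 * column and reads a CLOB column back as a character stream. File content can be
 * inserted the same way by passing a file Reader.
 */
public class Demo09 {

    /**
     * Inserts one row with a CLOB value, then prints the CLOB of a fixed row id.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        Connection conn = null;
        PreparedStatement ps = null;
        PreparedStatement ps2 = null;
        ResultSet rs = null;
        Reader r = null;

        try {
            Class.forName("com.mysql.jdbc.Driver");
            // Demo-only credentials for a local test database.
            conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/testjdbc","root","mysql");

            // ---- insert ----
            ps = conn.prepareStatement("insert into t_user(userName,myInfo)values(?,?)");
            ps.setString(1, "小高");

            // Stream the content of a text file straight into the CLOB column:
            // ps.setClob(2, new FileReader(new File("G:/JAVA/test/a.txt")));

            // Stream a string held by the program into the CLOB column. The same charset is
            // named for both the bytes and the reader, so the text does not depend on the
            // platform default encoding.
            ps.setClob(2, new BufferedReader(new InputStreamReader(
                    new ByteArrayInputStream("aaaa".getBytes(java.nio.charset.StandardCharsets.UTF_8)),
                    java.nio.charset.StandardCharsets.UTF_8)));

            ps.executeUpdate();
            System.out.println("插入");

            // ---- query ----
            ps2 = conn.prepareStatement("select * from t_user where id=?");
            ps2.setObject(1, 223021);

            rs = ps2.executeQuery();
            System.out.println("查询");
            while (rs.next()) {
                Clob c = rs.getClob("myInfo");
                if (c == null) {
                    continue; // the column is SQL NULL for this row
                }
                r = c.getCharacterStream();
                int temp = 0;
                while ((temp = r.read()) != -1) {
                    System.out.print((char) temp);
                }
                // Close the reader of this row before moving on, so that only a reader
                // left open by an exception remains for the finally block.
                r.close();
                r = null;
            }

        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Close in reverse order of creation; each close is guarded separately.
            try {
                if (r != null) {
                    r.close();
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
            try {
                if (rs != null) {
                    rs.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
            try {
                if (ps2 != null) {
                    ps2.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
            try {
                if (ps != null) {
                    ps.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
            try {
                if (conn != null) {
                    conn.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
}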
七、BLOB二进制大对象的使用

1 package com.test.jdbc;
2
3 import java.io.FileInputStream;
4 import java.io.FileOutputStream;
5 import java.io.InputStream;
6 import java.io.OutputStream;
7 import java.sql.Blob;
8 import java.sql.Connection;
9 import java.sql.DriverManager;
10 import java.sql.PreparedStatement;
11 import java.sql.ResultSet;
12 import java.sql.SQLException;
13
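/**
 * Demonstrates BLOB (binary large object) handling: stores an image file in a BLOB
 * column and writes the BLOB of a fixed row back out to a file.
 */
public class Demo10 {

    /**
     * Inserts one row with an image, then copies the image of a fixed row id to disk.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        Connection conn = null;
        PreparedStatement ps = null;
        PreparedStatement ps2 = null;
        ResultSet rs = null;
        InputStream imgIn = null;
        InputStream is = null;
        OutputStream os = null;

        try {
            Class.forName("com.mysql.jdbc.Driver");
            // Demo-only credentials for a local test database.
            conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/testjdbc","root","mysql");

            // ---- insert ----
            ps = conn.prepareStatement("insert into t_user(userName,headImg)values(?,?)");
            ps.setString(1, "小高");
            // Keep a reference to the file stream so it can be closed in the finally block.
            imgIn = new FileInputStream("G:/JAVA/test/d.jpg");
            ps.setBlob(2, imgIn);
            ps.execute();

            // ---- query ----
            ps2 = conn.prepareStatement("select * from t_user where id=?");
            ps2.setObject(1, 223024);

            rs = ps2.executeQuery();
            System.out.println("查询");
            byte[] buffer = new byte[8192];
            while (rs.next()) {
                Blob b = rs.getBlob("headImg");
                if (b == null) {
                    continue; // the column is SQL NULL for this row
                }
                is = b.getBinaryStream();
                os = new FileOutputStream("G:/JAVA/test/h.jpg");

                // Copy in chunks rather than one byte per read()/write() call.
                int count;
                while ((count = is.read(buffer)) != -1) {
                    os.write(buffer, 0, count);
                }

                // Close the streams of this row before moving on, so that only streams
                // left open by an exception remain for the finally block.
                os.close();
                os = null;
                is.close();
                is = null;
            }

        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Close in reverse order of creation; each close is guarded separately.
            try {
                if (os != null) {
                    os.close();
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
            try {
                if (is != null) {
                    is.close();
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
            try {
                if (imgIn != null) {
                    imgIn.close();
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
            try {
                if (rs != null) {
                    rs.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
            try {
                if (ps2 != null) {
                    ps2.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
            try {
                if (ps != null) {
                    ps.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
            try {
                if (conn != null) {
                    conn.close();
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
}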
八、总结(简单封装、资源文件properties处理连接信息)
db.properties
# To type Chinese text in this file without it being converted to Unicode escapes:
# right-click the file -> Properties -> Resource -> Text file encoding, select "Other",
# and choose an encoding such as UTF-8 or GBK.

# A Java properties file is a configuration file used to hold configuration values.
# The file type is *.properties; it is plain text made of "key=value" lines.
# Lines starting with "#" are comments.

# MySQL connection settings
# NOTE(review): demo values. The root account and a plaintext password stored in a
# classpath file suit only a local test database; elsewhere use a least-privilege
# account and keep the real password out of version control.
mysqlDriver=com.mysql.jdbc.Driver
mysqlURL=jdbc:mysql://localhost:3306/testjdbc
mysqlUser=root
mysqlPwd=mysql

# Oracle connection settings
#...
JDBCUtil工具类
1 package com.test.jdbc;
2
3 import java.io.IOException;
4 import java.sql.Connection;
5 import java.sql.DriverManager;
6 import java.sql.ResultSet;
7 import java.sql.SQLException;
8 import java.sql.Statement;
9 import java.util.Properties;
10
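/**
 * Small JDBC helper: reads the connection settings from {@code db.properties} on the
 * classpath, opens MySQL connections and closes JDBC resources.
 */
public class JDBCUtil {

    // Holds the settings read from the resource file; stays empty when the file is missing.
    static Properties pros = null;

    static { // runs once, when the JDBCUtil class is loaded
        pros = new Properties();
        java.io.InputStream in =
                Thread.currentThread().getContextClassLoader().getResourceAsStream("db.properties");
        if (in == null) {
            // getResourceAsStream returns null for a missing resource. Report that here
            // rather than letting Properties.load fail with a NullPointerException that
            // aborts class initialization.
            System.err.println("db.properties not found on the classpath");
        } else {
            try {
                pros.load(in);
            } catch (IOException e) {
                e.printStackTrace();
            } finally {
                try {
                    in.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
    }

    /**
     * Opens a MySQL connection from the mysqlDriver, mysqlURL, mysqlUser and mysqlPwd
     * settings. The password is passed to the driver only and is never printed.
     *
     * @return a new connection, or {@code null} when a setting is missing or the
     *         connection attempt fails; callers must check for {@code null}
     */
    public static Connection getMysqlConn(){
        String driver = pros.getProperty("mysqlDriver");
        String url = pros.getProperty("mysqlURL");
        if (driver == null || url == null) {
            System.err.println("mysqlDriver or mysqlURL is missing from db.properties");
            return null;
        }
        try {
            Class.forName(driver);
            return DriverManager.getConnection(url,
                    pros.getProperty("mysqlUser"), pros.getProperty("mysqlPwd"));
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Closes the given resources in the order ResultSet, Statement, Connection.
     * Each argument may be {@code null}; a failure to close one resource is printed and
     * does not stop the remaining ones from being closed. Further overloads can be added.
     *
     * @param rs   result set to close, or {@code null}
     * @param st   statement to close, or {@code null}
     * @param conn connection to close, or {@code null}
     */
    public static void close(ResultSet rs,Statement st,Connection conn){
        try {
            if (rs != null) {
                rs.close();
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
        try {
            if (st != null) {
                st.close();
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
        try {
            if (conn != null) {
                conn.close();
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
}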
测试使用JDBCUtil工具类来简化JDBC开发
1 package com.test.jdbc;
2
3 import java.sql.Connection;
4 import java.sql.PreparedStatement;
5 import java.sql.ResultSet;
6
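/**
 * Demonstrates how the JDBCUtil helper shortens JDBC code: the connection comes from
 * {@code JDBCUtil.getMysqlConn()} and all resources are released by {@code JDBCUtil.close}.
 */
public class Demo11 {

    /**
     * Inserts one row into t_user through a bound parameter.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        Connection conn = null;
        PreparedStatement ps = null;
        ResultSet rs = null; // never assigned here; passed to close() only to match its signature

        try {
            conn = JDBCUtil.getMysqlConn();
            if (conn == null) {
                // getMysqlConn returns null on failure and has already printed the cause.
                return;
            }

            ps = conn.prepareStatement("insert into t_user (userName) values (?)");
            ps.setString(1, "小高高");
            ps.execute();

        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Runs on the early return as well; close() accepts null arguments.
            JDBCUtil.close(rs, ps, conn);
        }
    }
}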
JDBC详解<转>