與資料庫連線:JDBC
阿新 • • 發佈:2021-12-08
JDBC概述
JDBC(Java DataBase Connectivity)java資料庫連線
是一種用於執行SQL語句的Java API,可以為多種關係型資料庫提供統一訪問,它由一組用Java語言編寫的類和介面組成。
有了JDBC,java開發人員只需要編寫一次程式,就可以訪問不同的資料庫.
JDBC搭建
jdbc搭建步驟
1.匯入資料庫開發商提供的資料庫連線實現類的jar檔案
2.載入驅動
3.建立與資料庫的連線
4.向資料庫傳送資訊
5.執行完畢後,關閉與資料庫的連線
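package javajdbc;

import java.sql.*;
import java.util.Properties;
import java.util.logging.Logger;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * Minimal JDBC walkthrough: open a connection, send one INSERT statement,
 * and release the statement and connection afterwards.
 */
public class Demo1 {

    /**
     * Connects to the local school_db database and inserts one row into grade.
     * Any SQLException is printed rather than propagated.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Optional explicit driver loading through reflection (left disabled).
        /* Class.forName("com.mysql.cj.jdbc.Driver");
           DriverManager.registerDriver(new Driver()); */

        // useSSL=false switches off TLS between client and server. That is tolerable
        // only because the target is the loopback address; drop the flag for any
        // database reached over a network.
        String url = "jdbc:mysql://127.0.0.1:3306/school_db?characterEncoding=utf8&useSSL=false&serverTimezone=UTC";

        // The user name and password below are placeholders. Real code should read
        // them from configuration or a secret store, never from source control.
        //
        // try-with-resources closes the statement and then the connection even when
        // executeUpdate throws; the original only closed them on the success path.
        try (Connection connection = DriverManager.getConnection(url, "資料庫使用者名稱", "密碼");
             Statement st = connection.createStatement()) {
            // The statement object carries the SQL text to the database.
            st.executeUpdate("insert into grade (name) value('四年級')");
        } catch (SQLException throwables) {
            throwables.printStackTrace();
        }
    }
}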
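/**
 * Shows executeUpdate(), which sends DDL or DML to the database and returns
 * the number of rows it affected.
 *
 * @param args unused
 * @throws SQLException if the connection cannot be opened or closed
 */
public static void main(String[] args) throws SQLException {
    String url = "jdbc:mysql://127.0.0.1:3306/school_db?characterEncoding=utf8&serverTimezone=UTC";

    // Placeholder credentials; load real ones from configuration, not from source.
    // The connection is now closed on every path (the original never closed it).
    try (Connection connection = DriverManager.getConnection(url, "資料庫使用者名稱", "密碼")) {
        try (Statement st = connection.createStatement()) {
            // executeUpdate accepts both DDL and DML:
            //int res = st.executeUpdate("create table test(id int)");
            //int res = st.executeUpdate("insert into test(id) value (1)");

            // NOTE(review): the WHERE clause has no comparison. MySQL evaluates a bare
            // column as a boolean, so this removes every row whose id is non-zero.
            // Confirm that is the intended demonstration.
            int res = st.executeUpdate("delete from test where id");
            System.out.println(res);
        } catch (SQLException throwables) {
            throwables.printStackTrace();
        }
    }
}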
PreparedStatement和Statement
1.程式碼的可讀性和可維護性.
Statement:
1. 靜態SQL執行,每操作一次就向資料庫傳送並編譯一次,效率低
2.將變數以字串形式拼接進去,書寫麻煩
3.不能防止sql注入,安全性低
PreparedStatement:
1.預先將sql語句編譯到PreparedStatement物件中可以重複使用,效率高
2.使用set方法向佔位符處進行設定值,書寫方便
3.透過佔位符設定的值只會被當作資料,不會被解析為SQL語法,因此可以防止SQL注入,安全性高;但表名、欄位名等無法使用佔位符,若仍以字串拼接外部輸入則同樣會被注入
statement
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;
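/**
 * Inserts one student row through a plain Statement, building the SQL text by
 * string concatenation. Serves as the "before" half of the comparison with
 * PreparedStatement.
 */
public class Demo3 {

    /**
     * Builds and executes the INSERT statement.
     *
     * @param args unused
     * @throws SQLException if the connection cannot be opened or closed
     */
    public static void main(String[] args) throws SQLException {
        String url = "jdbc:mysql://127.0.0.1:3306/school_db?characterEncoding=utf8&serverTimezone=UTC";

        // Placeholder credentials; load real ones from configuration, not from source.
        // try-with-resources releases the connection and statement, which the
        // original left open.
        try (Connection connection = DriverManager.getConnection(url, "資料庫使用者名稱", "密碼")) {
            try (Statement st = connection.createStatement()) {
                String name = "jim";
                String sex = "女";
                String birthday = "1999-05-23";
                int grade = 4;
                int score = 90;
                String phone = "15333333333";
                String address = "西安";

                // Every value is spliced into the SQL text itself. That is harmless here
                // only because the values are literals in this file; the same pattern
                // with values from outside the program is open to SQL injection and
                // should use PreparedStatement placeholders instead.
                //
                // reg_time is filled by the server-side now(). The original wrote
                // "new DATE ()", which is Java syntax inside the SQL string and is
                // rejected by the database as a syntax error.
                st.executeUpdate("insert into student(name,sex,birthday,grade,score,phone,address,reg_time) "
                        + "values('" + name + "','" + sex + "','" + birthday + "'," + grade + "," + score
                        + ",'" + phone + "','" + address + "',now())");
            } catch (SQLException throwables) {
                throwables.printStackTrace();
            }
        }
    }
}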
PreparedStatement
import java.sql.*;
import java.util.Date;
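/**
 * Inserts one student row through a PreparedStatement, binding every value to a
 * placeholder instead of concatenating it into the SQL text.
 */
public class Demo4 {

    /**
     * Prepares the INSERT, binds the eight values and executes it.
     *
     * @param args unused
     * @throws SQLException if the connection cannot be opened or closed
     */
    public static void main(String[] args) throws SQLException {
        String url = "jdbc:mysql://127.0.0.1:3306/school_db?characterEncoding=utf8&serverTimezone=UTC";

        // Each ? marks the position of one value.
        String sql = "insert into student(name,sex,birthday,grade,score,phone,address,reg_time) "
                + "values(?,?,?,?,?,?,?,?)";

        // Placeholder credentials; load real ones from configuration, not from source.
        try (Connection connection = DriverManager.getConnection(url, "資料庫使用者名稱", "密碼")) {
            // The original also created a Statement that was never used or closed;
            // it is dropped here. The PreparedStatement is closed by try-with-resources.
            try (PreparedStatement ps = connection.prepareStatement(sql)) {
                String name = "tom";
                String sex = "女";
                String birthday = "1999-05-23";
                int grade = 4;
                int score = 90;
                String phone = "15333333333";
                String address = "西安";

                // Bound values travel as data, separate from the SQL text, so their
                // content cannot change the structure of the statement.
                ps.setString(1, name);
                ps.setString(2, sex);
                ps.setString(3, birthday);
                ps.setInt(4, grade);
                ps.setInt(5, score);
                ps.setString(6, phone);
                ps.setString(7, address);
                // setObject with a java.util.Date depends on driver-specific conversion;
                // setTimestamp is the standard JDBC way to send the current instant.
                ps.setTimestamp(8, new Timestamp(System.currentTimeMillis()));
                ps.executeUpdate();
            } catch (SQLException throwables) {
                throwables.printStackTrace();
            }
        }
    }
}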
2、最重要的一點是極大地提高了安全性. 防止sql注入
statement
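/**
 * Counter-example: deletes from t_area with a concatenated WHERE value to show
 * why Statement plus string concatenation is unsafe.
 *
 * @param args unused
 * @throws SQLException if the connection cannot be opened or closed
 */
public static void main(String[] args) throws SQLException {
    String url = "jdbc:mysql://127.0.0.1:3306/school_db?characterEncoding=utf8&serverTimezone=UTC";

    // Placeholder credentials; load real ones from configuration, not from source.
    // The connection and statement are now closed on every path.
    try (Connection connection = DriverManager.getConnection(url, "資料庫使用者名稱", "密碼")) {
        try (Statement st = connection.createStatement()) {
            // INSECURE ON PURPOSE - do not copy this pattern.
            // The value is appended to the SQL text unchanged, so the "or 1=1" part is
            // parsed as SQL rather than as data. The WHERE condition then holds for
            // every row and the statement empties the table instead of removing one area.
            String name = "'陝西省' or 1=1";
            int res = st.executeUpdate("delete from t_area where name = " + name);
            // The printed row count makes the damage visible: all rows, not one.
            System.out.println(res);
        } catch (SQLException throwables) {
            throwables.printStackTrace();
        }
    }
}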
PreparedStatement
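/**
 * Runs the same delete as the Statement counter-example, but binds the value to
 * a placeholder so that it is treated purely as data.
 *
 * @param args unused
 * @throws SQLException if the connection cannot be opened or closed
 */
public static void main(String[] args) throws SQLException {
    String url = "jdbc:mysql://127.0.0.1:3306/school_db?characterEncoding=utf8&serverTimezone=UTC";

    // Placeholder credentials; load real ones from configuration, not from source.
    try (Connection connection = DriverManager.getConnection(url, "資料庫使用者名稱", "密碼")) {
        // The original also created a Statement that was never used or closed;
        // it is dropped here.
        try (PreparedStatement ps = connection.prepareStatement("delete from t_area where name = ?")) {
            // Same hostile-looking input as in the Statement version. Because it is
            // bound to the placeholder, the whole string (quotes and "or 1=1" included)
            // is compared against the name column as one literal value, so the
            // injection attempt does not alter the statement.
            String name = "'陝西省' or 1=1";
            ps.setString(1, name);
            ps.executeUpdate();
        } catch (SQLException throwables) {
            throwables.printStackTrace();
        }
    }
}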
結果集處理
PreparedStatement和Statement中的executeQuery()方法會返回一個ResultSet物件,查詢結果就封裝在此物件中.
使用ResultSet中的next()方法獲得下一行資料
使用getXXX(String name)方法獲得值
建立Student類
package com.ff.javajdbc;
import java.util.Date;
/**
 * Plain data holder for one row of the student table. Every column read by the
 * query examples has a private field with a getter and a setter.
 */
public class Student {

    private int num;
    private String name;
    private String sex;
    private Date birthday;
    private int grade;
    private String phone;
    private String address;
    private Date reg_time;

    /** @return the student number */
    public int getNum() {
        return this.num;
    }

    /** @param num the student number to store */
    public void setNum(int num) {
        this.num = num;
    }

    /** @return the student's name */
    public String getName() {
        return this.name;
    }

    /** @param name the student's name to store */
    public void setName(String name) {
        this.name = name;
    }

    /** @return the stored sex value */
    public String getSex() {
        return this.sex;
    }

    /** @param sex the sex value to store */
    public void setSex(String sex) {
        this.sex = sex;
    }

    /** @return the stored birthday instance itself (no defensive copy is made) */
    public Date getBirthday() {
        return this.birthday;
    }

    /** @param birthday the birthday to store; the reference is kept as given */
    public void setBirthday(Date birthday) {
        this.birthday = birthday;
    }

    /** @return the grade number */
    public int getGrade() {
        return this.grade;
    }

    /** @param grade the grade number to store */
    public void setGrade(int grade) {
        this.grade = grade;
    }

    /** @return the phone number */
    public String getPhone() {
        return this.phone;
    }

    /** @param phone the phone number to store */
    public void setPhone(String phone) {
        this.phone = phone;
    }

    /** @return the address */
    public String getAddress() {
        return this.address;
    }

    /** @param address the address to store */
    public void setAddress(String address) {
        this.address = address;
    }

    /** @return the stored registration time instance itself (no defensive copy is made) */
    public Date getReg_time() {
        return this.reg_time;
    }

    /** @param reg_time the registration time to store; the reference is kept as given */
    public void setReg_time(Date reg_time) {
        this.reg_time = reg_time;
    }

    /**
     * Renders all fields in the form {@code Student{num=..., name='...', ...}}.
     * The text contains the phone number and address, so treat it as personal
     * data wherever it is printed or logged.
     */
    @Override
    public String toString() {
        StringBuilder text = new StringBuilder("Student{");
        text.append("num=").append(num);
        text.append(", name='").append(name).append('\'');
        text.append(", sex='").append(sex).append('\'');
        text.append(", birthday=").append(birthday);
        text.append(", grade=").append(grade);
        text.append(", phone='").append(phone).append('\'');
        text.append(", address='").append(address).append('\'');
        text.append(", reg_time=").append(reg_time);
        text.append('}');
        return text.toString();
    }
}
ResultSet中的next()方法獲得下一行資料
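/**
 * Looks up one student by number with a parameterized query and copies the
 * columns of the result row into a Student object, which is then printed.
 * Any SQLException is printed rather than propagated.
 *
 * @param args unused
 * @throws SQLException declared by the signature; the body catches SQLException itself
 */
public static void main(String[] args) throws SQLException {
    String url = "jdbc:mysql://127.0.0.1:3306/school_db?characterEncoding=utf8&serverTimezone=UTC";
    String sql = "select num,name,sex,birthday,grade,phone,address,reg_time from student where num = ?";

    // Placeholder credentials; load real ones from configuration, not from source.
    // try-with-resources closes the statement and connection, which the original
    // left open.
    try (Connection connection = DriverManager.getConnection(url, "資料庫使用者名稱", "密碼");
         PreparedStatement ps = connection.prepareStatement(sql)) {
        int num = 3;
        ps.setInt(1, num);

        // The target object is created up front; if no row matches, it is printed
        // with its default field values.
        Student student = new Student();

        // executeQuery() runs the SELECT and wraps the rows in a ResultSet.
        try (ResultSet rs = ps.executeQuery()) {
            // next() reports whether another row exists and moves the cursor onto it.
            while (rs.next()) {
                // Columns can also be read by 1-based position, e.g.
                //   student.setNum(rs.getInt(1));
                //   student.setName(rs.getString(2));
                // Reading by label keeps the mapping stable if the select list changes.
                student.setNum(rs.getInt("num"));
                student.setName(rs.getString("name"));
                student.setSex(rs.getString("sex"));
                student.setBirthday(rs.getDate("birthday"));
                student.setGrade(rs.getInt("grade"));
                student.setPhone(rs.getString("phone"));
                student.setAddress(rs.getString("address"));
                student.setReg_time(rs.getTimestamp("reg_time"));
            }
        }
        System.out.println(student);
    } catch (SQLException throwables) {
        throwables.printStackTrace();
    }
}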
獲得一個表中的所有資料
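/**
 * Reads every row of the student table, maps each one to a Student object and
 * prints the resulting list. Any SQLException is printed rather than propagated.
 *
 * @param args unused
 * @throws SQLException declared by the signature; the body catches SQLException itself
 */
public static void main(String[] args) throws SQLException {
    String url = "jdbc:mysql://127.0.0.1:3306/school_db?characterEncoding=utf8&serverTimezone=UTC";
    String sql = "select num,name,sex,birthday,grade,phone,address,reg_time from student ";

    // Placeholder credentials; load real ones from configuration, not from source.
    // try-with-resources closes the result set, statement and connection, which
    // the original left open.
    try (Connection connection = DriverManager.getConnection(url, "資料庫使用者名稱", "密碼");
         PreparedStatement ps = connection.prepareStatement(sql);
         // executeQuery() runs the SELECT and wraps the rows in a ResultSet.
         ResultSet rs = ps.executeQuery()) {
        ArrayList<Student> arrayList = new ArrayList<>();

        // next() reports whether another row exists and moves the cursor onto it;
        // each row becomes its own Student instance.
        while (rs.next()) {
            Student student = new Student();
            student.setNum(rs.getInt("num"));
            student.setName(rs.getString("name"));
            student.setSex(rs.getString("sex"));
            student.setBirthday(rs.getDate("birthday"));
            student.setGrade(rs.getInt("grade"));
            student.setPhone(rs.getString("phone"));
            student.setAddress(rs.getString("address"));
            student.setReg_time(rs.getTimestamp("reg_time"));
            arrayList.add(student);
        }

        for (Student student : arrayList) {
            System.out.println(student);
        }
    } catch (SQLException throwables) {
        throwables.printStackTrace();
    }
}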