jdbc筆記(二) 使用PreparedStatement對單表的CRUD操作
阿新 • • 發佈:2019-01-01
首先宣告,本文只給出程式碼,並不是做教程用,如有不便之處,還請各位見諒。
PreparedStatement相較於Statement,概括來說,共有三個優勢:
1. 程式碼的可讀性和易維護性:PreparedStatement不需要像Statement那樣拼接sql語句,而是用?代替,再對其進行賦值,程式碼簡潔易懂,一目瞭然。
2. 預編譯及DB的快取過程,使得PreparedStatement在效率上高於Statement。
3. 防止SQL注入(這個不太懂,先這樣寫著吧)。簡單來說,SQL語句的結構在預編譯時就已經固定,之後用setXxx設定的引數只會被當作資料值傳給資料庫,不會被解析成SQL語句的一部分,所以輸入值無法改變語句本身的結構。
之前在使用Statement時提過,jdbc的過程大致分為6步(也可以說是7步):註冊驅動、建立連線、建立Statement、定義SQL語句、執行SQL語句(如有結果集還需遍歷)、關閉連線。PreparedStatement和Statement過程大致相當,不同之處在於,先定義SQL語句,再建立PreparedStatement,再設定引數。總結起來,過程如下:
// 1. 註冊驅動 // 2. 建立連線 // 3. 定義sql // 4. 建立PreparedStatement // 5. 設定引數 // 6. 執行sql,如果有結果集需遍歷並獲取 // 7. 關閉資源
下面給出PreparedStatement進行CRUD的程式碼。
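package com.colin.dao;

import com.colin.bean.User;
import com.colin.util.DBUtil;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

/**
 * CRUD operations on the {@code user} table using {@link PreparedStatement}.
 *
 * <p>Every SQL string in this class is a fixed literal with {@code ?} placeholders;
 * caller-supplied values are bound with {@code setInt}/{@code setString}, so they are
 * sent to the database as parameter values rather than spliced into the SQL text.
 * Connections are obtained from and released through {@link DBUtil}; the write
 * methods also print the affected-row count and elapsed time to stdout.
 */
public class PreparedjdbcTest {

    /**
     * Inserts one row into {@code user}.
     *
     * @param id   primary-key value
     * @param name value for the {@code name} column (passed through as-is, may be null)
     * @param age  value for the {@code age} column
     * @throws SQLException if the connection cannot be obtained or the statement fails
     */
    public static void insert(int id, String name, int age) throws SQLException {
        long starttime = System.currentTimeMillis();
        PreparedStatement preparedStatement = null;
        Connection connection = null;
        try {
            // 1-2. Obtain a connection (driver registration presumably happens inside DBUtil).
            connection = DBUtil.getConnection();
            // 3. Fixed SQL text; each '?' is filled by the bindings in step 5.
            String sql = "insert into user(id, name, age) values(?, ?, ?)";
            // 4. Create the PreparedStatement.
            preparedStatement = connection.prepareStatement(sql);
            // 5. Bind parameters (JDBC positions are 1-based).
            preparedStatement.setInt(1, id);
            preparedStatement.setString(2, name);
            preparedStatement.setInt(3, age);
            // 6. Execute; an INSERT yields an affected-row count, not a ResultSet.
            int affectrows = preparedStatement.executeUpdate();
            System.out.println("affectrows : " + affectrows);
        } finally {
            // 7. Release resources even when execution throws.
            DBUtil.closeAll(preparedStatement, connection);
        }
        System.out.println("總用時: " + (System.currentTimeMillis() - starttime));
    }

    /**
     * Updates the {@code name} and {@code age} of the row whose primary key is {@code id}.
     *
     * @param id   primary-key value of the row to update
     * @param name new value for the {@code name} column
     * @param age  new value for the {@code age} column
     * @throws SQLException if the connection cannot be obtained or the statement fails
     */
    public static void update(int id, String name, int age) throws SQLException {
        long starttime = System.currentTimeMillis();
        PreparedStatement preparedStatement = null;
        Connection connection = null;
        try {
            connection = DBUtil.getConnection();
            String sql = "update user set name = ?, age = ? where id = ?";
            preparedStatement = connection.prepareStatement(sql);
            // Placeholder order in the SQL is name(1), age(2), id(3).
            preparedStatement.setString(1, name);
            preparedStatement.setInt(2, age);
            preparedStatement.setInt(3, id);
            int affectrows = preparedStatement.executeUpdate();
            System.out.println("affectrows : " + affectrows);
        } finally {
            DBUtil.closeAll(preparedStatement, connection);
        }
        System.out.println("總用時 : " + (System.currentTimeMillis() - starttime));
    }

    /**
     * Deletes the row whose primary key is {@code id}.
     *
     * @param id primary-key value of the row to delete
     * @throws SQLException if the connection cannot be obtained or the statement fails
     */
    public static void delete(int id) throws SQLException {
        long starttime = System.currentTimeMillis();
        PreparedStatement preparedStatement = null;
        Connection connection = null;
        try {
            connection = DBUtil.getConnection();
            String sql = "delete from user where id = ?";
            preparedStatement = connection.prepareStatement(sql);
            preparedStatement.setInt(1, id);
            int affectrows = preparedStatement.executeUpdate();
            System.out.println("affectrows : " + affectrows);
        } finally {
            DBUtil.closeAll(preparedStatement, connection);
        }
        System.out.println("總用時 : " + (System.currentTimeMillis() - starttime));
    }

    /**
     * Selects the row whose primary key is {@code id}.
     *
     * @param id primary-key value to look up
     * @return the matching rows as {@link User} objects; empty if no row matches
     * @throws SQLException if the connection cannot be obtained or the query fails
     */
    public static List<User> selectOne(int id) throws SQLException {
        List<User> userList = new ArrayList<>();
        ResultSet resultSet = null;
        PreparedStatement preparedStatement = null;
        Connection connection = null;
        try {
            // 1. Obtain a connection.
            connection = DBUtil.getConnection();
            // 2. Fixed SQL text with a single bound parameter.
            String sql = "SELECT id, name, age FROM user WHERE id = ?";
            // 3. Create the PreparedStatement, bind, and execute.
            preparedStatement = connection.prepareStatement(sql);
            preparedStatement.setInt(1, id);
            resultSet = preparedStatement.executeQuery();
            while (resultSet.next()) {
                userList.add(toUser(resultSet));
            }
        } finally {
            // ResultSet is closed together with the statement and connection.
            DBUtil.closeAll(resultSet, preparedStatement, connection);
        }
        return userList;
    }

    /**
     * Selects every row of {@code user}.
     *
     * <p>The query has no LIMIT clause, so the whole table is read into the returned list.
     *
     * @return all rows as {@link User} objects; empty if the table is empty
     * @throws SQLException if the connection cannot be obtained or the query fails
     */
    public static List<User> selectAll() throws SQLException {
        List<User> userList = new ArrayList<>();
        ResultSet resultSet = null;
        PreparedStatement preparedStatement = null;
        Connection connection = null;
        try {
            // 1. Obtain a connection.
            connection = DBUtil.getConnection();
            // 2. Fixed SQL text; no parameters to bind.
            String sql = "SELECT id, name, age FROM user";
            // 3. Create the PreparedStatement and execute.
            preparedStatement = connection.prepareStatement(sql);
            resultSet = preparedStatement.executeQuery();
            while (resultSet.next()) {
                userList.add(toUser(resultSet));
            }
        } finally {
            DBUtil.closeAll(resultSet, preparedStatement, connection);
        }
        return userList;
    }

    /**
     * Builds a {@link User} from the current row of {@code resultSet}.
     * Shared by {@link #selectOne(int)} and {@link #selectAll()} so the column
     * mapping lives in one place.
     *
     * @param resultSet cursor positioned on a row exposing {@code id}, {@code name}, {@code age}
     * @return the mapped user
     * @throws SQLException if a column cannot be read
     */
    private static User toUser(ResultSet resultSet) throws SQLException {
        return new User(
                resultSet.getInt("id"),
                resultSet.getString("name"),
                resultSet.getInt("age"));
    }

    /**
     * Demo entry point: prints every row of {@code user}. The commented lines show
     * how the other operations are invoked.
     */
    public static void main(String[] args) throws SQLException {
        // insert(10, "pestmtName", 7);
        // update(10, "pestmtName2", 8);
        // delete(8);
        // List<User> userList = selectOne(1);
        List<User> userList = selectAll();
        System.out.println(userList);
    }
}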
完畢。