JDBC(4)PreparedStatement
PreparedStatement:
是一个预编译对象
是Statement的子接口
允许数据库预编译SQL
执行SQL的时候,无需重新传入SQL语句,它们已经编译SQL语句
执行SQL语句 :executeQuery()或execute Update() 注意:不要在传入SQL语句
可以有效地防止SQL注入
方法:
->setXxxx(int index,Xxx value):传入参数值。
连接/关闭方法
public Connection getConnection() throws Exception { String driver = "com.mysql.jdbc.Driver"; String url = "jdbc:mysql://localhost:3307/shijian"; String user = "root"; String password = "1234"; Class.forName(driver); Connection connection = DriverManager.getConnection(url, user, password); return connection; //System.out.println(connection); } //关闭 public void Close(ResultSet rs, Statement statement, Connection conn) { if (rs != null) { try { rs.close(); } catch (SQLException e) { e.printStackTrace(); } } if (statement != null) { try { statement.close(); } catch (SQLException e) { e.printStackTrace(); } } if (conn != null) { try { conn.close(); } catch (SQLException e) { e.printStackTrace(); } } }
@Test public void testPreparedStatementjdbc(){ Connection connection = null; PreparedStatement preparedStatement = null; try { connection = getConnection(); String sql = "insert into student(sname,sclass) values(?,?)"; preparedStatement = (PreparedStatement) connection.prepareStatement(sql);
preparedStatement.setString(1, "lisi"); preparedStatement.setInt(2, 123456); //不要传入SQL语句 preparedStatement.executeUpdate(); } catch (Exception e) { e.printStackTrace(); }finally { Close(null, preparedStatement, connection); } }
ResultSetMetaData
是描述ResuleSet的元数据对象,即从中得到有多少列,列明是什么
得到ResultSetMetaData 对象:调用ResultSet 的 getMetaData()方法
ResultSetMetaData的好方法
-->int getColumnLabel(int column) 获取指定的列名,缩影从1开始
-->String getColumnCount() SQL语句有哪些列
@Test public void testResultMeteData(){ Connection connection = null; PreparedStatement statement =null; ResultSet resuleset = null; try { String sql = "select * from student where id = ?"; connection = testGetConnection(); statement = (PreparedStatement) connection.prepareStatement(sql); statement.setInt(1, 2); resuleset = statement.executeQuery(); //1.得到ResultSetMetaData对象 ResultSetMetaData rsmd = (ResultSetMetaData) resuleset.getMetaData(); //2.打印每一列的列名 Map<String,Object> values = new HashMap<String,Object>(); while(resuleset.next()){ for(int i = 0; i < rsmd.getColumnCount();i++){ String c = rsmd.getColumnLabel(i +1); Object ovalue = resuleset.getObject(c); //System.out.println(c + "--" + ovalue); values.put(c, ovalue); } Class clazz = Student.class; Object object = clazz.newInstance(); for(Map.Entry<String, Object> entry: values.entrySet()){ String sid = entry.getKey(); String sname = (String) entry.getValue(); System.out.println( sid + "--" + sname); } } } catch (Exception e) { e.printStackTrace(); }finally { Close(resuleset, statement, connection); } }