PreparedStatement接口及其方法的使用
PreparedStatement接口是Statement接口的子接口,使用它的好处有三个
一:简化代码,便于sql语句的书写
二:有效的禁止sql语句的注入,例如:用户名和密码,使用PreparedStatement接口的方法,可防止不正确的输入登陆成功,提高
数据库系统的安全性
三:最大可能的提高了效率
代码如下:
package com.lanqiao.javatest;
import java.io.IOException;
import java.io.InputStream;
import java.sql.Connection;
import java.sql.Date;
import java.sql.Driver;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Properties;
import org.junit.Test;
import com.mysql.jdbc.Statement;
/*
* preparedStatement是Statement的子接口,好处一:可实现sql语句的便捷写法
* */
public class Test1 {
public void testPreparedStatement() throws Exception{
Connection connection=null;
PreparedStatement preparedstatement=null;
try {
connection=getConnection();
String sql="insert into table12 (id,name,email,birth) values(?,?,?,?)";
preparedstatement=connection.prepareStatement(sql);
preparedstatement.setInt(1, 8);
preparedstatement.setString(2, "liquan");
preparedstatement.setString(3, "fsdf");
preparedstatement.setDate(4, new Date(new java.util.Date().getTime()));
//获取实时时间的方法Date date=new Date(new java.util.Date().getTame);
preparedstatement.executeUpdate();
} catch (Exception e) {
e.printStackTrace();
}finally {
if(preparedstatement!=null){
preparedstatement.close();
}
if(connection!=null){
connection.close();
}
}
}
public Connection getConnection() throws Exception{
String driverClass=null;
String jdbcUrl=null;
String user=null;
String password=null;
InputStream in=Test1.class.getClassLoader().getResourceAsStream("jdbc.properties");
Properties properties=new Properties();
properties.load(in);
driverClass=properties.getProperty("driver");
jdbcUrl=properties.getProperty("jdbcUrl");
user=properties.getProperty("user");
password=properties.getProperty("password");
Driver driver=(Driver)Class.forName(driverClass).newInstance();
Properties info=new Properties();
info.put("user", "root");
info.put("password", "lxn123");
Connection connection=driver.connect(jdbcUrl, info);
return connection;
}
public void testConnection() throws Exception{
System.out.println(getConnection());
}
@Test
//好处二:作用:有效的禁止sql注入,输入正确的用户名和密码才能登陆;
//就是防止错误的用户名和密码,实现数据库的安全性
public void testSQL() throws Exception{
// String userName="a' or password=";
// String password="or '1'='1";
String userName="lxn";
String password="lxn123";
String sql="SELECT * FROM table1 WHERE userName=? AND PASSWORD=?";
System.out.println(sql);
Connection connection=null;
PreparedStatement preparedstatement=null;
ResultSet resultset=null;
try {
connection=getConnection();
preparedstatement=connection.prepareStatement(sql);
preparedstatement.setString(1, userName);
preparedstatement.setString(2, password);;
resultset=preparedstatement.executeQuery();
if(resultset.next()){
System.out.println("登陆成功!!!");
}
else{
System.out.println("登陆失败!!!");
}
} catch (Exception e) {
}finally{
if (resultset!=null) {
resultset.close();
}
if (preparedstatement!=null) {
preparedstatement.close();
}
if (connection!=null) {
connection.close();
}
}
}
//好处三:最大可能的提高效率
}