JAVA JDBC
JDBC
- 需要导入JDBC的java包
1.JDBC连接数据库
创建测试数据库
CREATE DATABASE `jdbcStudy` CHARACTER SET utf8 COLLATE utf8_general_ci;
USE `jdbcStudy`;
CREATE TABLE `users`(
`id` INT PRIMARY KEY,
`NAME` VARCHAR(40),
`PASSWORD` VARCHAR(40),
`email` VARCHAR(60),
birthday DATE
);
INSERT INTO `users`(`id`,`NAME`,`PASSWORD`,`email`,`birthday`)
VALUES('1','zhangsan','123456','zs@sina.com','1980-12-04'),
('2','lisi','123456','lisi@sina.com','1981-12-04'),
('3','wangwu','123456','wangwu@sina.com','1979-12-04')
- 创建一个普通项目
- 导入数据库驱动
- 编写测试代码
package com.JDBC.Demo01;
import com.mysql.jdbc.Driver;
import java.sql.*;
public class jdbcFirstDemo {
public static void main(String[] args) throws ClassNotFoundException, SQLException {
//1.加载驱动
Class.forName("com.mysql.cj.jdbc.Driver");//固定写法
//2.用户信息
String url = "jdbc:mysql://localhost:3306/jdbcstudy?useUnicode=true&characterEncoding=utf8&useSSL=true&serverTimezone=UTC";
String username = "root";
String password = "admin";
//3.连接成功,数据库对象 connection 代表数据库
Connection connection = DriverManager.getConnection(url, username, password);
//4.执行sql的对象 statement 执行sql的对象
Statement statement = connection.createStatement();
//5.执行sql的对象 去执行sql。可能存在结果,查看返回结果
String sql ="SELECT * FROM `users`";
ResultSet resultSet = statement.executeQuery(sql);//返回的结果集
while (resultSet.next()){
System.out.println("id="+resultSet.getObject("id"));
System.out.println("name="+resultSet.getObject("NAME"));
System.out.println("pwd="+resultSet.getObject("PASSWORD"));
System.out.println("email="+resultSet.getObject("email"));
System.out.println("birth="+resultSet.getObject("birthday"));
}
//6.释放连接
resultSet.close();
statement.close();
connection.close();
}
}
-
加载驱动
-
用户信息
-
创建数据库对象Connection connection = DriverManager.getConnection(url, username, password)
-
执行sql对象tatement statement = connection.createStatement();
-
执行sql的对象 去执行sql。可能存在结果,查看返回结果
String sql ="SELECT * FROM
users";ResultSet resultSet = statement.executeQuery(sql);//返回的结果集(executeUpdate 更新 插入 删除)
-
resultSet.beforeFirst() 移动到最前面
-
resultSet.afterLast()移动到最后面
-
resultSet.next()移动到下一个数据
-
resultSet.prevoius()移动到前一行
-
resultSet absolute()移动到指定行
-
resultSet.getObject()在不知道类型下提取
-
resultSet.getString()
-
resultSet.getInt()
-
释放链接
2.statement
CRUD操作-create
使用executUpdate(string sql)方法完成数据库添加操作,实例操作
Statement statement = connection.createStatement();
//5.执行sql的对象 去执行sql。可能存在结果,查看返回结果
String sql ="insert into user(...) value (..)";
int num= statement.executeUpdate(sql);//返回的结果集
if(num>0){
System.out.println("插入成功");
}
CRUD操作-delete
使用executUpdate(string sql)方法完成数据库添加操作,实例操作
Statement statement = connection.createStatement();
//5.执行sql的对象 去执行sql。可能存在结果,查看返回结果
String sql ="delete from user where id = 1";
int num= statement.executeUpdate(sql);//返回的结果集
if(num>0){
System.out.println(删除成功");
}
CRUD操作-update
使用executUpdate(string sql)方法完成数据库添加操作,实例操作
Statement statement = connection.createStatement();
//5.执行sql的对象 去执行sql。可能存在结果,查看返回结果
String sql ="update user set name ='' where name='';
int num= statement.executeUpdate(sql);//返回的结果集
if(num>0){
System.out.println(更新成功");
}
CRUD操作-delete
使用executeQuery(string sql)方法完成数据库添加操作,实例操作
String sql ="SELECT * FROM `users`";
ResultSet resultSet = statement.executeQuery(sql);//返回的结果集
while (resultSet.next()){
System.out.println("id="+resultSet.getObject("id"));
System.out.println("name="+resultSet.getObject("NAME"));
System.out.println("pwd="+resultSet.getObject("PASSWORD"));
System.out.println("email="+resultSet.getObject("email"));
System.out.println("birth="+resultSet.getObject("birthday"));
}
3.提取工具类
编写配置文件
driver = com.mysql.cj.jdbc.Driver
url = jdbc:mysql://localhost:3306/jdbcstudy?useUnicode=true&characterEncoding=utf8&useSSL=true&serverTimezone=UTC
username = root
password = admin
编写工具类
package com.JDBC.Demo02.utils;
import com.mysql.cj.protocol.Resultset;
import java.io.InputStream;
import java.sql.*;
import java.util.Properties;
public class JdbcUtils {
private static String driver = null;
private static String url = null;
private static String username = null;
private static String password = null;
static {
try{
InputStream input = JdbcUtils.class.getClassLoader().getResourceAsStream("db.properties");
Properties properties = new Properties();
properties.load(input);
driver=properties.getProperty("driver");
url=properties.getProperty("url");
username=properties.getProperty("username");
password=properties.getProperty("password");
//1.驱动只用加载一次
Class.forName(driver);
} catch (Exception e) {
e.printStackTrace();
}
}
//获取链接
public static Connection getConnection() throws SQLException {
return DriverManager.getConnection(url,username,password);
}
//释放资源
public static void release(Connection connection, Statement statement, ResultSet resultSet) throws SQLException {
if(resultSet!=null){
resultSet.close();
}
if(statement!=null){
statement.close();
}
if(connection!=null){
connection.close();
}
}
}
测试
编写插入数据
package com.JDBC.Demo02.test;
import com.JDBC.Demo02.utils.JdbcUtils;
import com.mysql.cj.protocol.Resultset;
import java.sql.Connection;
import java.sql.SQLException;
import java.sql.Statement;
public class TestInsert {
public static void main(String[] args) throws SQLException {
Connection connection= null;
Statement statement = null;
Resultset resultset = null;
try {
connection = JdbcUtils.getConnection();//获取数据库链接
statement = connection.createStatement();
String sql = " INSERT INTO `users`(`id`,`NAME`,`PASSWORD`,`email`,`birthday`)\n" +
"VALUES('4','zhangsan','123456','zs@sina.com','1220-12-04');";
int i = statement.executeUpdate(sql);
if(i>0){
System.out.println("插入成功");
}
} catch (SQLException e) {
e.printStackTrace();
}finally {
JdbcUtils.release(connection,statement,null);
}
}
}
编写查询数据
package com.JDBC.Demo02.test;
import com.JDBC.Demo02.utils.JdbcUtils;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
public class TestQuery {
public static void main(String[] args) throws SQLException {
Connection connection=null;
Statement statement = null;
ResultSet resultSet=null;
try {
connection = JdbcUtils.getConnection();
statement = connection.createStatement();
String sql = "select * from users where id=1";
resultSet = statement.executeQuery(sql);
if(resultSet.next()){
System.out.println("id="+resultSet.getObject("id"));
System.out.println("name="+resultSet.getObject("NAME"));
System.out.println("pwd="+resultSet.getObject("PASSWORD"));
System.out.println("email="+resultSet.getObject("email"));
System.out.println("birth="+resultSet.getObject("birthday"));
}
} catch (SQLException e) {
e.printStackTrace();
}finally {
JdbcUtils.release(connection,statement,resultSet);
}
}
}
4. SQL注入问题
sql存在漏洞会被攻击导致数据泄露 SQL会被拼接
普通常见登录
package com.JDBC.Demo02.test;
import com.JDBC.Demo02.utils.JdbcUtils;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
public class SQL注入 {
public static void main(String[] args) throws SQLException {
//正常登录
login("zhangsan","123456");
}
// 登录业务
public static void login(String username,String password) throws SQLException {
Connection connection=null;
Statement statement = null;
ResultSet resultSet=null;
try {
connection = JdbcUtils.getConnection();
statement = connection.createStatement();
String sql = "select * from users where `NAME` ='"+username+"' AND `PASSWORD`='"+password+"' ";
resultSet = statement.executeQuery(sql);
if(resultSet.next()){
System.out.println("id="+resultSet.getObject("id"));
System.out.println("name="+resultSet.getObject("NAME"));
System.out.println("pwd="+resultSet.getObject("PASSWORD"));
System.out.println("email="+resultSet.getObject("email"));
System.out.println("birth="+resultSet.getObject("birthday"));
}
} catch (SQLException e) {
e.printStackTrace();
}finally {
JdbcUtils.release(connection,statement,resultSet);
}
}
}
PreparedStatement对象
PreparedStatement可以防止SQL注入,而且效率更好
使用PreparedStatement插入数据:
package com.JDBC.Demo03;
import com.JDBC.Demo02.utils.JdbcUtils;
import java.util.Date;
import java.sql.*;
public class TestInsert {
public static void main(String[] args) throws SQLException {
Connection connection=null;
PreparedStatement preparedStatement = null;
ResultSet resultSet = null;
try {
connection = JdbcUtils.getConnection();
//区别
//使用?占位符代替参数
String sql = " INSERT INTO `users`(`id`,`NAME`,`PASSWORD`,`email`,`birthday`)\n" +
"VALUES(?,?,?,?,?)";
preparedStatement = connection.prepareStatement(sql);//预编译sql,先写sql ,然后不执行
//手动参数赋值
preparedStatement.setInt(1,5);
preparedStatement.setString(2,"xiang");
preparedStatement.setString(3,"123456");
preparedStatement.setString(4,"xsadas@dsh.com");
//注意点 sql.Date 数据库
// util.Date Java new Date().getTime()获得时间戳
preparedStatement.setDate(5,new java.sql.Date(new Date().getTime()));
int i = preparedStatement.executeUpdate();
if(i>0){
System.out.println("插入成功");
}
} catch (SQLException e) {
e.printStackTrace();
}finally {
JdbcUtils.release(connection,preparedStatement,resultSet);
}
}
}
使用PreparedStatement查询数据:
package com.JDBC.Demo03;
import com.JDBC.Demo02.utils.JdbcUtils;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
public class TestQuery {
public static void main(String[] args) throws SQLException {
Connection connection=null;
PreparedStatement preparedStatement= null;
ResultSet resultSet = null;
try {
connection = JdbcUtils.getConnection();
String sql = "select * from users where id=?";//编写sql
preparedStatement = connection.prepareStatement(sql);//预编译
preparedStatement.setInt(1,1);//传递参数
resultSet=preparedStatement.executeQuery();//执行查询
if(resultSet.next()){
System.out.println("id="+resultSet.getObject("id"));
System.out.println("name="+resultSet.getObject("NAME"));
System.out.println("pwd="+resultSet.getObject("PASSWORD"));
System.out.println("email="+resultSet.getObject("email"));
System.out.println("birth="+resultSet.getObject("birthday"));
}
} catch (SQLException e) {
e.printStackTrace();
}finally {
JdbcUtils.release(connection,preparedStatement,resultSet);
}
}
}
优化:
package com.JDBC.Demo03;
import com.JDBC.Demo02.utils.JdbcUtils;
import java.sql.*;
import java.util.Scanner;
public class SQL注入 {
public static void main(String[] args) throws SQLException {
System.out.print("输入查询用户ID:");
try {
Scanner scanner = new Scanner(System.in);
int id = scanner.nextInt();
login(id);
}catch (Exception e){
e.printStackTrace();
System.out.println("数据异常!");
}
}
// 登录业务
public static void login(int id) throws SQLException { Connection connection=null;
PreparedStatement preparedStatement= null;
ResultSet resultSet = null;
try {
connection = JdbcUtils.getConnection();
String sql = "select * from users where id=?";//编写sql
preparedStatement = connection.prepareStatement(sql);//预编译
preparedStatement.setInt(1,id);//传递参数
resultSet=preparedStatement.executeQuery();//执行查询
if(resultSet.next()){
System.out.println("id="+resultSet.getObject("id"));
System.out.println("name="+resultSet.getObject("NAME"));
System.out.println("pwd="+resultSet.getObject("PASSWORD"));
System.out.println("email="+resultSet.getObject("email"));
System.out.println("birth="+resultSet.getObject("birthday"));
}
} catch (SQLException e) {
e.printStackTrace();
}finally {
JdbcUtils.release(connection,preparedStatement,resultSet);
}
}
}
5. JDBC事物
- 开启事务connection.setAutoCommit(false);
- 提交事务 connection.commit();
- 可以在catch语句中显示定义回滚语句,但默认失败就会回滚connection.rollback();
package com.JDBC.Demo05;
import com.JDBC.Demo02.utils.JdbcUtils;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Date;
public class TestTransaction {
public static void main(String[] args) throws SQLException {
Connection connection=null;
PreparedStatement preparedStatement = null;
ResultSet resultSet = null;
try {
connection = JdbcUtils.getConnection();
//关闭数据库的自动提交,自动会开启事务
connection.setAutoCommit(false);//开启事物
//区别
//使用?占位符代替参数
String sql = " INSERT INTO `users`(`id`,`NAME`,`PASSWORD`,`email`,`birthday`)\n" +
"VALUES(?,?,?,?,?)";
preparedStatement = connection.prepareStatement(sql);//预编译sql,先写sql ,然后不执行
//手动参数赋值
preparedStatement.setInt(1,6);
preparedStatement.setString(2,"xiang");
preparedStatement.setString(3,"123456");
preparedStatement.setString(4,"xsadas@dsh.com");
//注意点 sql.Date 数据库
// util.Date Java new Date().getTime()获得时间戳
preparedStatement.setDate(5,new java.sql.Date(new Date().getTime()));
int i = preparedStatement.executeUpdate();
connection.commit();
if(i>0){
System.out.println("插入成功");
}
} catch (SQLException e) {
//异常回滚
connection.rollback();
e.printStackTrace();
}finally {
JdbcUtils.release(connection,preparedStatement,resultSet);
}
}
}
6. 数据库连接池
数据库连接……执行完毕……释放
连接……释放 十分浪费系统资源
池化技术:准备一些预先的资源,过来就链接预先准备好的
开门 -业务员-:等待 —服务
常用链接数
最小连接数
最大连接数
超过最大连接数 排队等待
等待超时
编写连接池,实现一个接口DataSource
开源数据源实现
DBCP
C3P0
Druid (阿里巴巴)
使用了这些连接数据库连接池之后,我们在项目开发中就不需要编写数据库的代码了!
示例:BDCP
需要用到的jar包
commons-dbcp commons-logging commons-pool
编写配置文件
driverClassName=com.mysql.cj.jdbc.Driver
url = jdbc:mysql://localhost:3306/jdbcstudy?useUnicode=true&characterEncoding=utf8&useSSL=true&serverTimezone=UTC
username = root
password = admin
#<!-- 初始化连接 -->
initialSize=10
#最大连接数量
maxActive=50
#<!-- 最大空闲连接 -->
maxIdle=20
#<!-- 最小空闲连接 -->
minIdle=5
#<!-- 超时等待时间以毫秒为单位 6000毫秒/1000等于60秒 -->
maxWait=60000
#JDBC驱动建立连接时附带的连接属性属性的格式必须为这样:【属性名=property;】
#注意:"user" 与 "password" 两个属性会被明确地传递,因此这里不需要包含他们。
connectionProperties=useUnicode=true;characterEncoding=UTF8
#指定由连接池所创建的连接的自动提交(auto-commit)状态。
defaultAutoCommit=true
#driver default 指定由连接池所创建的连接的只读(read-only)状态。
#如果没有设置该值,则“setReadOnly”方法将不被调用。(某些驱动并不支持只读模式,如:Informix)
defaultReadOnly=
#driver default 指定由连接池所创建的连接的事务级别(TransactionIsolation)。
#可用值为下列之一:(详情可见javadoc。)NONE,READ_UNCOMMITTED, READ_COMMITTED, REPEATABLE_READ, SERIALIZABLE
defaultTransactionIsolation=READ_UNCOMMITTED
编写工具类
package com.JDBC.Demo05.utils;
import org.apache.commons.dbcp2.BasicDataSource;
import org.apache.commons.dbcp2.BasicDataSourceFactory;
import java.io.InputStream;
import java.sql.*;
import java.util.Properties;
public class JdbcUtils_dbcp {
private static BasicDataSource dataSource = null;
static {
try{
InputStream input = JdbcUtils_dbcp.class.getClassLoader().getResourceAsStream("db.properties");
Properties properties = new Properties();
properties.load(input);
//创建数据源 工厂模式 -->创建对象
dataSource = BasicDataSourceFactory.createDataSource(properties);
} catch (Exception e) {
e.printStackTrace();
}
}
//获取链接
public static Connection getConnection() throws SQLException {
return dataSource.getConnection();//从数据中获取连接
}
//释放资源
public static void release(Connection connection, Statement statement, ResultSet resultSet) throws SQLException {
if(resultSet!=null){
resultSet.close();
}
if(statement!=null){
statement.close();
}
if(connection!=null){
connection.close();
}
}
}
测试
package com.JDBC.Demo05.utils;
import com.JDBC.Demo02.utils.JdbcUtils;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
public class TestQuery {
public static void main(String[] args) throws SQLException {
Connection connection=null;
PreparedStatement preparedStatement= null;
ResultSet resultSet = null;
try {
connection = JdbcUtils_dbcp.getConnection();
String sql = "select * from users where id=?";//编写sql
preparedStatement = connection.prepareStatement(sql);//预编译
preparedStatement.setInt(1,1);//传递参数
resultSet=preparedStatement.executeQuery();//执行查询
if(resultSet.next()){
System.out.println("id="+resultSet.getObject("id"));
System.out.println("name="+resultSet.getObject("NAME"));
System.out.println("pwd="+resultSet.getObject("PASSWORD"));
System.out.println("email="+resultSet.getObject("email"));
System.out.println("birth="+resultSet.getObject("birthday"));
}
} catch (SQLException e) {
e.printStackTrace();
}finally {
JdbcUtils_dbcp.release(connection,preparedStatement,resultSet);
}
}
}
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 分享一个免费、快速、无限量使用的满血 DeepSeek R1 模型,支持深度思考和联网搜索!
· 25岁的心里话
· 基于 Docker 搭建 FRP 内网穿透开源项目(很简单哒)
· ollama系列01:轻松3步本地部署deepseek,普通电脑可用
· 按钮权限的设计及实现