PreparedStatement类防止注入
1 package org.west.demo2; 2 3 import java.sql.Connection; 4 import java.sql.DriverManager; 5 import java.sql.PreparedStatement; 6 import java.sql.SQLException; 7 8 // 9 public class Test { 10 public static void main(String[] args) throws ClassNotFoundException, SQLException { 11 Class.forName("com.mysql.jdbc.Driver"); 12 Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/jdbcstudy", "root", "123456"); 13 14 String sql="insert into t_user (Sname,pwd) values (?,?)";// ?占位符 15 16 PreparedStatement statement = connection.prepareStatement(sql); 17 18 19 // statement.setString( 1,"zhaoliu"); //参数1 索引从1开始而不是从0开始计算 20 // statement.setString(2,"1234567"); //参数2 21 //我们不知道向里面添加什么类型可以使用setobject 22 //传参 23 statement.setObject(1,"dandan"); 24 statement.setObject(2,"987654"); 25 26 int i = statement.executeUpdate(); 27 System.out.println(i); 28 29 } 30 }