PreparedStatement类防止注入

 1 package org.west.demo2;
 2 
 3 import java.sql.Connection;
 4 import java.sql.DriverManager;
 5 import java.sql.PreparedStatement;
 6 import java.sql.SQLException;
 7 
 8 //
 9 public class Test {
10     public static void main(String[] args) throws ClassNotFoundException, SQLException {
11         Class.forName("com.mysql.jdbc.Driver");
12         Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/jdbcstudy", "root", "123456");
13 
14      String sql="insert into t_user (Sname,pwd) values (?,?)";// ?占位符
15 
16         PreparedStatement statement = connection.prepareStatement(sql);
17 
18 
19 //        statement.setString( 1,"zhaoliu");  //参数1   索引从1开始而不是从0开始计算
20 //        statement.setString(2,"1234567");   //参数2
21 //我们不知道向里面添加什么类型可以使用setobject
22         //传参
23         statement.setObject(1,"dandan");
24         statement.setObject(2,"987654");
25 
26         int i = statement.executeUpdate();
27         System.out.println(i);
28 
29     }
30 }

 

posted @ 2019-07-12 19:33  七月的风没有雨  阅读(302)  评论(0编辑  收藏  举报