Javaweb-JDBC-API详解








package DUIXIANG;

public class Account {
private int id;
private String name;
private Double money;
public int getId(){
return this.id;
}
public void setId(int id){
this.id = id;
}
public String getName(){
return this.name;
}
public void setName(String name){
this.name = name;
}
public Double getMoney(){
return this.money;
}
public void setMoney(Double money){
this.money = money;
}
}




package JDBC;
import DUIXIANG.Account;

import java.sql.*;
import java.util.ArrayList;
import java.util.List;

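/**
 * Minimal JDBC walkthrough: connect, run a fixed SELECT, map each row to an
 * {@link Account} and print the result.
 */
public class JDBCDemo {
    /**
     * Reads every row of the {@code account} table and prints id, name and money.
     *
     * @param args unused
     * @throws Exception if the driver class is missing or any JDBC call fails
     */
    public static void main(String[] args) throws Exception {
        // 1. Register the driver. JDBC 4+ drivers register themselves through the
        //    service loader, so this call is optional on current driver versions.
        Class.forName("com.mysql.cj.jdbc.Driver");

        // 2. Connection settings.
        // NOTE(review): credentials are hard-coded and the account is root. That is
        // acceptable only for a local tutorial database. An application should read
        // credentials from configuration or a secret store and connect as a
        // least-privilege user, so a flaw in the SQL layer cannot reach other schemas.
        String url = "jdbc:mysql://127.0.0.1:3306/mysql基础";
        String username = "root";
        String password = "root";

        // 3. Define the SQL. It is a constant with no external input, so a plain
        //    Statement is safe here.
        String sql = "select * from account";

        // Typed list: with the raw List type, list.get(i).getId() does not compile
        // because the element type is Object.
        List<Account> list = new ArrayList<>();

        // 4-5. Create the Statement and execute the query. The ResultSet holds the
        //      query result as a table of rows and columns; next() advances to the
        //      next row and getInt/getString/getDouble read a column of that row.
        // 7. try-with-resources closes ResultSet, Statement and Connection in reverse
        //    order even when a call throws, which the manual close() calls did not.
        try (Connection conn = DriverManager.getConnection(url, username, password);
             Statement stmt = conn.createStatement();
             ResultSet rst = stmt.executeQuery(sql)) {
            // 6. Process the result: one Account per row.
            while (rst.next()) {
                Account account = new Account();
                account.setId(rst.getInt("id"));
                account.setName(rst.getString("name"));
                account.setMoney(rst.getDouble("money"));
                list.add(account);
            }
        }

        for (Account account : list) {
            System.out.println(account.getId());
            System.out.println(account.getName());
            System.out.println(account.getMoney());
            System.out.println("-----------");
        }
    }
}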





演示SQL注入
package JDBC;
import DUIXIANG.Account;

import java.sql.*;
import java.util.ArrayList;
import java.util.List;

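/**
 * Demonstration of SQL injection: a login check that builds its query by string
 * concatenation. The concatenation is kept on purpose so the flaw can be observed.
 * Do not copy this pattern; the PreparedStatement version of this class later on
 * the page is the corrected form.
 */
public class JDBCDemo {
    /**
     * Runs the concatenated login query with a sample name and a crafted password
     * value, then prints whether any row matched.
     *
     * @param args unused
     * @throws Exception if the driver class is missing or any JDBC call fails
     */
    public static void main(String[] args) throws Exception {
        // 1. Register the driver (optional with JDBC 4+ drivers, which self-register).
        Class.forName("com.mysql.cj.jdbc.Driver");

        // 2. Connection settings.
        // NOTE(review): hard-coded root credentials are for a local tutorial database
        // only. Connecting as root means any injected SQL runs with full privileges.
        String url = "jdbc:mysql://127.0.0.1:3306/mysql基础";
        String username = "root";
        String password = "root";

        // These two values stand in for what a user would type into a login form.
        String n = "zhangsan";
        String p = "' or '1' = '1";

        // 3. Define the SQL.
        // INTENTIONALLY VULNERABLE: the input is pasted into the SQL text, so the
        // quote characters in p end the string literal and the rest is parsed as SQL.
        // The WHERE clause becomes
        //   username = 'zhangsan' and password = '' or '1' = '1'
        // and because AND binds tighter than OR, the trailing '1' = '1' makes the
        // condition true for every row. The fix is to bind values with
        // PreparedStatement placeholders instead of concatenating them.
        String sql = "select * from users where username = '" + n + "' and password = '" + p + "'";

        // 4-5. Create the Statement and execute the query. The ResultSet holds the
        //      query result as rows and columns; next() moves to the next row.
        // 7. try-with-resources releases ResultSet, Statement and Connection even if
        //    a call throws, which the manual close() calls did not guarantee.
        try (Connection conn = DriverManager.getConnection(url, username, password);
             Statement stmt = conn.createStatement();
             ResultSet rst = stmt.executeQuery(sql)) {
            // 6. Process the result: any matching row counts as a successful login,
            //    which is why the always-true condition above bypasses the check.
            if (rst.next()) {
                System.out.println("登录成功");
            } else {
                System.out.println("登录失败");
            }
        }
    }
}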





package JDBC;
import DUIXIANG.Account;

import java.sql.*;
import java.util.ArrayList;
import java.util.List;

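/**
 * Login check using a {@link PreparedStatement}: the SQL text contains only
 * {@code ?} placeholders and the values are bound separately, so quote characters
 * in the input cannot change the structure of the query.
 */
public class JDBCDemo {
    /**
     * Runs the parameterized login query with a sample name and a password value
     * containing quote characters, then prints whether any row matched.
     *
     * @param args unused
     * @throws Exception if the driver class is missing or any JDBC call fails
     */
    public static void main(String[] args) throws Exception {
        // 1. Register the driver (optional with JDBC 4+ drivers, which self-register).
        Class.forName("com.mysql.cj.jdbc.Driver");

        // 2. Connection settings.
        // NOTE(review): hard-coded root credentials are for a local tutorial database
        // only; an application should use a least-privilege account and load its
        // credentials from configuration or a secret store.
        String url = "jdbc:mysql://127.0.0.1:3306/mysql基础";
        String username = "root";
        String password = "root";

        // These two values stand in for what a user would type into a login form.
        String n = "zhangsan";
        String p = "' or '1' = '1";

        // 3. Define the SQL with placeholders; no input is concatenated into it.
        // NOTE(review): comparing the password column directly implies passwords are
        // stored in plaintext. Outside a tutorial, store a salted password hash
        // (bcrypt, scrypt or Argon2) and verify it in application code.
        String sql = "select * from users where username = ? and password = ?";

        // 4. Prepare the statement.
        // 7. try-with-resources releases every JDBC resource even if a call throws,
        //    which the manual close() calls did not guarantee.
        try (Connection conn = DriverManager.getConnection(url, username, password);
             PreparedStatement pstmt = conn.prepareStatement(sql)) {
            // Bind the values. Each one is treated as a single string value, so p is
            // compared literally against the password column.
            pstmt.setString(1, n);
            pstmt.setString(2, p);

            // 5. Execute the query. The ResultSet holds the query result as rows and
            //    columns; next() moves to the next row.
            try (ResultSet rst = pstmt.executeQuery()) {
                // 6. Process the result. Presumably no stored password equals the
                //    literal text in p, so this is expected to report failure.
                if (rst.next()) {
                    System.out.println("登录成功");
                } else {
                    System.out.println("登录失败");
                }
            }
        }
    }
}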





posted @ 2024-09-09 11:46  wangyin0425