携手创作,共同成长!这是我参与「掘金日新计划 · 8 月更文挑战」的第11天,点击查看活动详情
1.JDBC简介
同一套Java代码,操作不同的关系型数据库
实现类——>驱动
2.JDBC实现步骤
0.导入MySQL驱动jar包
点击Add as Library
代码Demo:
public class JDBCDemo {
public static void main(String[] args) throws Exception{
//1.获取驱动
Class.forName("com.mysql.jdbc.Driver");
//2.获取连接
String url = "jdbc:mysql://localhost:3306/test?useSSL=false";
String username = "root";
String password = "123456";
Connection conn = DriverManager.getConnection(url,username,password);
//3.定义sql语句
String sql = "update student set name='张小三' where id =1";
//4.获取执行sql的对象statement
Statement stmt =conn.createStatement();
//执行sql
int count = stmt.executeUpdate(sql);
//处理结果
System.out.println(count);
//释放资源
stmt.close();
conn.close();
}
}
3.JDBC-API
1.DriverManager
作用:
1.注册驱动
2.获取数据库连接
2.Connection
作用:
1.获取执行SQL的对象
2.管理事务
事务代码Demo:
public class JDBCDemo2_DriverManager {
public static void main(String[] args) throws Exception{
//1.获取驱动
//Class.forName("com.mysql.jdbc.Driver");
//2.获取连接
String url = "jdbc:mysql://localhost:3306/test?useSSL=false";
String username = "root";
String password = "123456";
Connection conn = DriverManager.getConnection(url,username,password);
//3.定义sql语句
String sql1 = "update student set name='张三' where id =1";
String sql2 = "update student set name='张三' where id =2";
//4.获取执行sql的对象statement
Statement stmt =conn.createStatement();
//执行sql
try {
conn.setAutoCommit(false);
int count1 = stmt.executeUpdate(sql1);
//处理结果
System.out.println(count1);
int i =3/0;
int count2 = stmt.executeUpdate(sql2);
//处理结果
System.out.println(count2);
conn.commit();
} catch (Exception e) {
conn.rollback();
e.printStackTrace();
}
//释放资源
stmt.close();
conn.close();
}
}
结果分析: sql1语句执行完毕,但执行sql2语句前出现错误,因此整个事务回滚,效果为name不发生改变
相关知识点
1.conn.setAutoCommit(false);
false:手动 true:自动
2.整个事务语句放在try catch中
3.Statement
作用:
1.执行sql语句
代码Demo(executeUpdate):
public class JDBCDemo4_Statement {
@Test
public void test() throws Exception{
String url = "jdbc:mysql://localhost:3306/test?useSSL=false";
String username = "root";
String password = "123456";
Connection conn = DriverManager.getConnection(url,username,password);
//3.定义sql语句
String sql = "update student set name='张三' where id =1";
//4.获取执行sql的对象statement
Statement stmt =conn.createStatement();
//执行sql
int count = stmt.executeUpdate(sql);
//处理结果
if(count>0){
System.out.println("修改成功");
}else {
System.out.println("修改失败");
}
//释放资源
stmt.close();
conn.close();
}
}
ResultSet
代码Demo:
public class JDBCDemo5_ResultSet {
public static void main(String[] args) throws Exception{
//1.获取驱动
//Class.forName("com.mysql.jdbc.Driver");
//2.获取连接
String url = "jdbc:mysql://localhost:3306/test?useSSL=false";
String username = "root";
String password = "123456";
Connection conn = DriverManager.getConnection(url,username,password);
//3.定义sql语句
String sql = "select id, name from student";
//4.获取执行sql的对象statement
Statement stmt =conn.createStatement();
//5.执行sql
ResultSet resultSet = stmt.executeQuery(sql);
//6.处理结果,遍历
//6.1 光标向下一移动一行,并且判断当前行是否有数据
while (resultSet.next()){
int id = resultSet.getInt("id");
String name = resultSet.getString("name");
System.out.println("id:"+id);
System.out.println("name:"+name);
}
//7.释放资源
resultSet.close();
stmt.close();
conn.close();
}
}
4.PreparedStatement
作用:
预编译SQL并执行:防止sql注入
sql注入:通过操作输入来修改事先定义好的sql语句,用以达到执行代码对服务器攻击的方法
PreparedStatement用法:
代码Demo:
public class JDBCDemo6_PreparedStatement {
@Test
public void test() throws Exception{
//1.获取驱动
//Class.forName("com.mysql.jdbc.Driver");
//2.获取连接
String url = "jdbc:mysql://localhost:3306/test?useSSL=false";
String username = "root";
String password = "123456";
Connection conn = DriverManager.getConnection(url,username,password);
String name="张三";
int id = 1;
//3.定义sql语句
String sql = "select id, name from student where id=? and name=?";
//4.获取pstmt对象
PreparedStatement pstmt = conn.prepareStatement(sql);
//5.设置?的值
pstmt.setInt(1,id);
pstmt.setString(2,name);
//6.执行sql语句
ResultSet rs = pstmt.executeQuery();
if(rs.next()){
System.out.println("登陆成功");
}else {
System.out.println("登陆失败");
}
//7.释放资源
rs.close();
conn.close();
}
}
PreparedStatement原理:
PreparedStatement好处:
1.预编译sql:性能更高
2.防止SQL注入:将敏感字符转义
具体转义过程:
开启预编译: 在代码中编写url时需要加上以下参数
useServerPrepStmts=true
String url = "jdbc:mysql://localhost:3306/test?useSSL=false&useServerPrepStmts=true";
开启后,执行两条sql,只会编译一次,提高了性能
