千锋逆战班,Day42

在千锋“逆战班”学习的第42天
今天的学习内容是JDBC的相关内容,包括ResultSet结果集、SQL注入问题以及PreparedStatement的应用。下面的案例全部使用PreparedStatement的“?”占位符绑定用户输入,输入只会被当作参数值,不会被拼接成SQL语句的一部分,从而避免SQL注入。

案例:

package com.qf.com.qf.day42.test4;

import java.util.Scanner;

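/**
 * Console entry point: shows the menu and dispatches each choice to {@link AccountSystem}.
 *
 * <p>Menu input is validated before it is parsed. A non-numeric token used to make
 * {@code nextInt()} throw and end the program without closing the JDBC connection; it is
 * now discarded and the menu is shown again. End of input closes the connection and exits.
 */
public class TestAccount {
    public static void main(String[] args) {
        // NOTE(review): AccountSystem wraps System.in in a second Scanner of its own.
        // That works on an interactive console; with piped input one Scanner may buffer
        // tokens the other one needs.
        Scanner sc = new Scanner(System.in);
        System.out.println("欢迎来到哈哈哈系统");
        AccountSystem as = new AccountSystem();
        while (true) {
            System.out.println("1、开户 2、存款 3、取款 4、转账 5、修改密码 6、注销 0、退出");
            System.out.println("请输入:");
            if (!sc.hasNext()) {
                // Input stream ended: release the connection instead of failing in nextInt().
                as.closeConnection();
                return;
            }
            if (!sc.hasNextInt()) {
                // Drop the offending token so the next loop iteration does not see it again.
                sc.next();
                System.out.println("输入无效,请重新输入");
                continue;
            }
            int choice = sc.nextInt();
            switch (choice) {
                case 1:
                    as.regiter();
                    break;
                case 2:
                    as.saveMoney();
                    break;
                case 3:
                    as.takeMoney();
                    break;
                case 4:
                    as.transfer();
                    break;
                case 5:
                    as.updatePassword();
                    break;
                case 6:
                    as.unsubscribe();
                    break;
                case 0:
                    as.closeConnection();
                    return;
                default:
                    System.out.println("输入无效,请重新输入");
                    break;
            }
        }
    }
}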
package com.qf.com.qf.day42.test4;

import java.sql.*;
import java.util.Scanner;

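/**
 * Console banking demo on top of the MySQL table {@code t_test(id, password, username, balance)}.
 *
 * <p>Every statement binds user input through {@code ?} placeholders, so input is never
 * concatenated into SQL text. Each call opens its statements and result sets in
 * try-with-resources; the earlier version kept them in fields that local variables shadowed,
 * so the {@code finally} blocks closed nothing and replaced statements were leaked.
 *
 * <p>Amounts are validated before any balance update: a negative withdrawal or transfer
 * amount would otherwise pass the balance check and move money in the wrong direction.
 *
 * <p>NOTE(review): passwords are stored and compared as plain text in the {@code password}
 * column. A real system should store a salted password hash (bcrypt/scrypt/argon2) and
 * verify it in application code; that needs a schema change and is not done here.
 *
 * <p>NOTE(review): balances are {@code double}; money should be {@code BigDecimal} or a
 * scaled integer to avoid rounding errors.
 */
public class AccountSystem {
    Scanner scanner= new Scanner(System.in);
    private static Connection connection = null;

    static{
        try {
            Class.forName("com.mysql.jdbc.Driver");
            // NOTE(review): hard-coded credentials for the database root account. Load them
            // from configuration outside the source tree and use a least-privilege account
            // that can only touch this table.
            connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/hy1006?useUnicode=true&characterEncoding=utf8","root","1234");
        } catch (Exception e) {
            // connection stays null; later calls fail inside their own try blocks and are reported there.
            e.printStackTrace();
        }
    }

    /**
     * Tells whether an amount may be deposited, withdrawn or transferred.
     * Package-private so it can be tested without a database.
     *
     * @param amount amount typed by the user
     * @return {@code true} only for finite values greater than zero (NaN is rejected)
     */
    static boolean isPositiveAmount(double amount) {
        return amount > 0 && !Double.isInfinite(amount);
    }

    /**
     * Looks up the balance of the account matching the card number and password.
     *
     * @return the balance, or {@code null} when no row matches the credentials
     */
    private Double findBalance(int id, String password) throws SQLException {
        String sql = "select balance from t_test where id = ? and password = ?";
        try (PreparedStatement statement = connection.prepareStatement(sql)) {
            statement.setInt(1, id);
            statement.setString(2, password);
            try (ResultSet rows = statement.executeQuery()) {
                return rows.next() ? Double.valueOf(rows.getDouble("balance")) : null;
            }
        }
    }

    /** Tells whether an account with the given card number exists. */
    private boolean accountExists(int id) throws SQLException {
        String sql = "select id from t_test where id = ?";
        try (PreparedStatement statement = connection.prepareStatement(sql)) {
            statement.setInt(1, id);
            try (ResultSet rows = statement.executeQuery()) {
                return rows.next();
            }
        }
    }

    /**
     * Subtracts {@code money} from the authenticated account.
     * The balance condition is part of the UPDATE itself, so a balance that changed after
     * the caller's earlier check cannot be overdrawn. The comparison stays strict, as in
     * the original check: withdrawing the entire balance is refused.
     *
     * @return number of rows updated (0 when credentials or balance no longer match)
     */
    private int debit(int id, String password, double money) throws SQLException {
        String sql = "update t_test set balance = balance - ? where id = ? and password = ? and balance > ?";
        try (PreparedStatement statement = connection.prepareStatement(sql)) {
            statement.setDouble(1, money);
            statement.setInt(2, id);
            statement.setString(3, password);
            statement.setDouble(4, money);
            return statement.executeUpdate();
        }
    }

    /** Adds {@code money} to the account with the given card number; returns rows updated. */
    private int credit(int id, double money) throws SQLException {
        String sql = "update t_test set balance = balance + ? where id = ?";
        try (PreparedStatement statement = connection.prepareStatement(sql)) {
            statement.setDouble(1, money);
            statement.setInt(2, id);
            return statement.executeUpdate();
        }
    }

    /** Prompts for card number, user name, password and opening deposit, then inserts the account. */
    public void regiter(){
        System.out.println("请输入卡号:");
        int id = scanner.nextInt();
        System.out.println("请输入用户名:");
        String username = scanner.next();
        System.out.println("请输入密码:");
        String password = scanner.next();
        System.out.println("请输入存款金额:");
        double balance = scanner.nextDouble();
        // An opening deposit of zero is allowed; negative, NaN and infinite values are not.
        if (!(balance >= 0) || Double.isInfinite(balance)) {
            System.out.println("输入金额错误");
            return;
        }
        String sql = "insert into t_test(id,password,username,balance) values(?,?,?,?)";
        try (PreparedStatement statement = connection.prepareStatement(sql)) {
            statement.setInt(1, id);
            statement.setString(2, password);
            statement.setString(3, username);
            statement.setDouble(4, balance);
            if (statement.executeUpdate() > 0) {
                System.out.println("注册成功");
            } else {
                System.out.println("注册失败");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /** Prompts for user name, password and amount, then adds the amount to the matching account. */
    public void saveMoney(){
        System.out.println("请输入用户名:");
        String username = scanner.next();
        System.out.println("请输入密码:");
        String password = scanner.next();
        System.out.println("请输入存款金额:");
        double money = scanner.nextDouble();
        if (!isPositiveAmount(money)) {
            System.out.println("输入金额错误");
            return;
        }
        // NOTE(review): this is the only operation keyed on username instead of card number.
        // If username is not unique in t_test, every row sharing this name and password is
        // credited; confirm against the schema.
        String sql = "update t_test set balance = balance + ? where username = ? and password = ?";
        try (PreparedStatement statement = connection.prepareStatement(sql)) {
            statement.setDouble(1, money);
            statement.setString(2, username);
            statement.setString(3, password);
            if (statement.executeUpdate() > 0) {
                System.out.println("存款成功");
            } else {
                System.out.println("存款失败,请核对用户名或密码");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /** Prompts for card number, password and amount, then withdraws if the balance allows it. */
    public void takeMoney(){
        System.out.println("请输入卡号:");
        int id = scanner.nextInt();
        System.out.println("请输入密码:");
        String password = scanner.next();
        System.out.println("请输入取款金额");
        double money = scanner.nextDouble();
        // Without this check a negative amount passes "balance > money" and increases the balance.
        if (!isPositiveAmount(money)) {
            System.out.println("输入金额错误");
            return;
        }
        try {
            Double balance = findBalance(id, password);
            if (balance == null) {
                System.out.println("卡号或密码错误");
                return;
            }
            if (!(balance > money)) {
                System.out.println("卡内余额不足");
                return;
            }
            if (debit(id, password, money) > 0) {
                System.out.println("取款成功");
            } else {
                System.out.println("取款失败");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Authenticates the sender, prompts for the receiving card number and the amount, then
     * moves the money. Debit and credit run in one transaction: either both are committed
     * or neither is, so a failure between them cannot lose money.
     */
    public void transfer(){
        System.out.println("请输入卡号:");
        int id = scanner.nextInt();
        System.out.println("请输入密码:");
        String password = scanner.next();
        try {
            Double balance = findBalance(id, password);
            if (balance == null) {
                System.out.println("卡号或密码错误");
                return;
            }
            System.out.println("请输入对方卡号:");
            int id1 = scanner.nextInt();
            System.out.println("请输入转账金额");
            double money = scanner.nextDouble();
            // A negative amount would credit the sender and debit the receiver, whose
            // password is never asked for.
            if (!isPositiveAmount(money)) {
                System.out.println("输入金额错误");
                return;
            }
            if (!accountExists(id1)) {
                System.out.println("对方卡号错误!");
                return;
            }
            if (!(balance > money)) {
                System.out.println("卡内余额不足");
                return;
            }

            // Assumes t_test uses a transactional storage engine; TODO confirm.
            boolean previousAutoCommit = connection.getAutoCommit();
            connection.setAutoCommit(false);
            try {
                boolean moved = debit(id, password, money) > 0 && credit(id1, money) > 0;
                if (moved) {
                    connection.commit();
                    System.out.println("转账成功");
                } else {
                    connection.rollback();
                    System.out.println("转账失败");
                }
            } catch (Exception e) {
                // Roll back first: restoring auto-commit below would otherwise commit the partial work.
                connection.rollback();
                throw e;
            } finally {
                connection.setAutoCommit(previousAutoCommit);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /** Authenticates with card number and current password, then stores a new password. */
    public void updatePassword(){
        System.out.println("请输入卡号:");
        int id = scanner.nextInt();
        System.out.println("请输入密码:");
        String password = scanner.next();
        try {
            if (findBalance(id, password) == null) {
                System.out.println("请核对卡号或密码!");
                return;
            }
            System.out.println("请输入新密码:");
            String newPassword = scanner.next();
            // The old password is checked again in the UPDATE, so the change still depends on
            // the credentials being valid at write time.
            String sql = "update t_test set password = ? where id = ? and password = ?";
            try (PreparedStatement statement = connection.prepareStatement(sql)) {
                statement.setString(1, newPassword);
                statement.setInt(2, id);
                statement.setString(3, password);
                if (statement.executeUpdate() > 0) {
                    System.out.println("密码修改成功");
                } else {
                    System.out.println("修改失败");
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /** Authenticates with card number and password, then deletes the account row. */
    public void unsubscribe(){
        System.out.println("请输入卡号:");
        int id = scanner.nextInt();
        System.out.println("请输入密码:");
        String password = scanner.next();
        try {
            if (findBalance(id, password) == null) {
                System.out.println("卡号或密码错误");
                return;
            }
            String sql = "delete from t_test where id = ? and password = ?";
            try (PreparedStatement statement = connection.prepareStatement(sql)) {
                statement.setInt(1, id);
                statement.setString(2, password);
                if (statement.executeUpdate() > 0) {
                    System.out.println("注销成功");
                } else {
                    System.out.println("注销失败");
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /** Closes the shared connection, if one was opened, and confirms the exit. */
    public void closeConnection(){
        if (connection!=null){
            try{
                connection.close();
            }catch(Exception e){
                e.printStackTrace();
            }
            System.out.println("已退出");
        }
    }
}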

转载自blog.csdn.net/Hydz666_/article/details/105210111