一、shell 连接 mysql
第一步:登录数据库
第二步:编写调用sql语句
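#!/bin/sh
# Query every row of fghdata.student through the mysql command-line client
# and print the result.

# The client call lives in a function rather than a string variable, so the
# caller's arguments travel through "$@" and are never re-split by the shell.
# NOTE(review): -p<password> on the command line exposes the root password in
# the process list and in shell history. Prefer an owner-only option file
# (mysql --defaults-extra-file=<path>) and an account with only the
# privileges this query needs.
run_mysql() {
    mysql -h192.168.x.xxx -uroot -p123456 --default-character-set=utf8 "$@"
}

sql="select * from fghdata.student"

# "$sql" must be quoted: unquoted, the shell splits the statement into
# separate words and expands the bare * against the current directory.
result="$(run_mysql -e "$sql")"

# Quoting "$result" keeps one row per line and prevents glob expansion of
# whatever the table contains.
printf '%s\n' "$result"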
二、java 连接 mysql
1、增
insert into table... values...
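/**
 * Inserts one fixed row into {@code student} and prints the affected-row count.
 *
 * @param args unused
 * @throws Exception if the driver class cannot be loaded or the database call fails
 */
public static void main(String[] args) throws Exception {
    // 1. Load the JDBC driver class.
    Class.forName("com.mysql.jdbc.Driver");

    // The statement text is a compile-time constant, so a plain Statement is
    // acceptable here; any value that comes from outside the program must be
    // bound through a PreparedStatement instead of being concatenated.
    String sql =
            "insert into student(id,name,age,sex) values(1012,'aaa',21,'1')";

    // 2. Open the connection and the statement in try-with-resources so both
    //    are closed (step 4) even when executeUpdate throws.
    // NOTE(review): root with a hard-coded password is demo-only; real code
    // should load credentials from protected configuration and use a
    // least-privileged account.
    try (Connection conn = DriverManager.getConnection(
                "jdbc:mysql://master:3306/fghdata", "root", "123456");
            Statement statement = conn.createStatement()) {
        // 3. Execute the insert; the return value is the number of rows affected.
        int i = statement.executeUpdate(sql);
        System.out.println(i);
    }
}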
2、删
delete from table where
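/**
 * Deletes the {@code student} row with id 1011 and prints the affected-row count.
 *
 * @param args unused
 * @throws Exception if the driver class cannot be loaded or the database call fails
 */
public static void main(String[] args) throws Exception {
    // 1. Load the JDBC driver class.
    Class.forName("com.mysql.jdbc.Driver");

    // Constant statement text; an id supplied from outside the program would
    // have to be bound with PreparedStatement.setInt, never concatenated.
    String sql = "delete from student where id=1011";

    // 2 + 4. try-with-resources closes the statement and the connection on
    // every path, including when executeUpdate throws.
    // NOTE(review): hard-coded root credentials are demo-only.
    try (Connection conn = DriverManager.getConnection(
                "jdbc:mysql://master:3306/fghdata", "root", "123456");
            Statement statement = conn.createStatement()) {
        // 3. Execute the delete; the return value is the number of rows removed.
        int i = statement.executeUpdate(sql);
        System.out.println(i);
    }
}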
3、改
update table set xxx where
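/**
 * Renames the {@code student} row with id 1011 to {@code new} and prints the
 * affected-row count. Failures are printed rather than propagated.
 *
 * @param args unused
 */
public static void main(String[] args) {
    // 1. Load the driver. A missing driver is only reported here; the
    //    connection attempt below is still made.
    try {
        Class.forName("com.mysql.jdbc.Driver");
    } catch (ClassNotFoundException e) {
        e.printStackTrace();
    }

    // Constant statement text; outside values belong in PreparedStatement parameters.
    String sql = "update student set name='new' where id=1011";

    // 2 + 4. try-with-resources replaces the manual close() calls, which
    // were skipped whenever executeUpdate threw.
    // NOTE(review): hard-coded root credentials are demo-only.
    try (Connection conn = DriverManager.getConnection(
                "jdbc:mysql://master:3306/fghdata", "root", "123456");
            Statement statement = conn.createStatement()) {
        // 3. Execute the update; the return value is the number of rows changed.
        int i = statement.executeUpdate(sql);
        System.out.println(i);
    } catch (SQLException e) {
        e.printStackTrace();
    }
}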
4、查
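/**
 * Reads every row of {@code student} and prints the value of its second column.
 *
 * @param args unused
 * @throws Exception if the driver class cannot be loaded or the database call fails
 */
public static void main(String[] args) throws Exception {
    // 1. Load the driver class by name (reflection).
    Class.forName("com.mysql.jdbc.Driver");

    String sql = "select * from student";

    // 2. getConnection returns the object through which the program talks to MySQL.
    // 3.1 createStatement returns the executor.
    // 3.2 executeQuery returns a ResultSet holding zero or more rows, whereas
    //     insert/delete/update go through executeUpdate and return a row count.
    // 4. try-with-resources closes all three resources in reverse order,
    //    even when reading a row throws.
    // NOTE(review): hard-coded root credentials are demo-only.
    try (Connection conn = DriverManager.getConnection(
                "jdbc:mysql://master:3306/fghdata", "root", "123456");
            Statement statement = conn.createStatement();
            ResultSet resultSet = statement.executeQuery(sql)) {
        while (resultSet.next()) {
            // JDBC column indexes start at 1, so 2 selects the second column.
            String string = resultSet.getString(2);
            System.out.println(string);
        }
    }
}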
三、模拟登录逻辑
1、方法一:statement 执行器
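/**
 * Login check built on a plain {@link Statement}, kept as the page's example
 * of what NOT to do: the username and password are concatenated into the
 * statement text, so quote characters inside either value become part of
 * the SQL itself (SQL injection).
 *
 * <p>Do not reuse this pattern. Bind the values as PreparedStatement
 * parameters, as the page's second method does.
 *
 * @param args unused
 * @throws Exception if the driver class cannot be loaded or the database call fails
 */
public static void main(String[] args) throws Exception {
    Class.forName("com.mysql.jdbc.Driver");

    String un = "fgh";
    String pw = "1234567";

    // VULNERABLE ON PURPOSE: the values are spliced into the statement text.
    String sql =
            "select * from user where username='" + un + "'" + " and password='" + pw + "'";
    // Resulting text: select * from user where username='fgh' and password='1234567'

    // try-with-resources closes the result set, statement and connection on
    // every path; the original leaked them when the query threw.
    // NOTE(review): hard-coded root credentials are demo-only.
    try (Connection conn = DriverManager.getConnection(
                "jdbc:mysql://master:3306/fghdata", "root", "123456");
            Statement statement = conn.createStatement();
            ResultSet resultSet = statement.executeQuery(sql)) {
        // Any returned row counts as a successful login.
        if (resultSet.next()) {
            System.out.println("成功");
        } else {
            System.out.println("失败");
        }
    }
}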
弊端:sql注入
由于参数是先以字符串拼接的方式写入 sql 语句,数据库无法区分其中哪些是数据、哪些是 sql 关键字
倘若输入这样的字符串
String un = "1' or '1'='1";
String pw = "1' or '1'='1";
此时拼接出的语句为
select * from user where username='1' or '1'='1'
and password='1' or '1'='1'
由于 and 的优先级高于 or,where 条件等价于 username='1' or ('1'='1' and password='1') or '1'='1',最后的 '1'='1' 恒为真,所以这样的查询语句恒为真,必定通过判定
2、方法二:prepareStatement 执行器
避免了sql注入:首先把带 ? 占位符的 sql 模板发送给数据库,然后再传递参数(参数中即使含有关键字,也只会被当作数据处理)
PreparedStatement 传参:通过 setXxx(int parameterIndex, 数据类型 x) 方法
注意:parameterIndex 是从1开始
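/**
 * Login check built on a {@link PreparedStatement}: the SQL template is sent
 * with {@code ?} placeholders and the username and password are bound as
 * parameters, so their content is never parsed as SQL.
 *
 * @param args unused
 * @throws Exception if the driver class cannot be loaded or the database call fails
 */
public static void main(String[] args) throws Exception {
    Class.forName("com.mysql.jdbc.Driver");

    String un = "fgh";
    String pw = "123456";

    // NOTE(review): comparing the raw password inside the query implies the
    // table stores passwords in clear text. A real system should store a
    // salted password hash (bcrypt/scrypt/argon2) and verify it in code.
    String sql =
            "select * from user where username=? and password=?";

    // try-with-resources closes the connection and the statement on every path.
    // NOTE(review): hard-coded root credentials are demo-only.
    try (Connection conn = DriverManager.getConnection(
                "jdbc:mysql://master:3306/fghdata", "root", "123456");
            // Hand the template to the executor first ...
            PreparedStatement ps = conn.prepareStatement(sql)) {
        // ... then bind the parameters; indexes start at 1.
        ps.setString(1, un);
        ps.setString(2, pw);
        try (ResultSet resultSet = ps.executeQuery()) {
            // Any returned row counts as a successful login.
            if (resultSet.next()) {
                System.out.println("成功");
            } else {
                System.out.println("失败");
            }
        }
    }
}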
3、整合版
// username password
// 1.验证用户名 2.验证密码
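/**
 * Console login demo: reads a username and a password from standard input
 * and checks them against the {@code user} table in two steps (username
 * first, then username plus password), using parameterized queries.
 */
public class LoginFinal {
    // Single connection shared by login(); opened once when the class is loaded.
    static Connection conn = null;

    static {
        try {
            Class.forName("com.mysql.jdbc.Driver");
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        }
        try {
            // NOTE(review): hard-coded root credentials are demo-only; load
            // them from protected configuration and use a least-privileged
            // account.
            conn = DriverManager.getConnection(
                    "jdbc:mysql://master:3306/fghdata", "root", "123456");
        } catch (SQLException e) {
            // conn stays null; login() reports that explicitly.
            e.printStackTrace();
        }
    }

    /**
     * Reads two whitespace-delimited tokens (username, password) from
     * standard input and prints the login verdict.
     *
     * @param args unused
     * @throws Exception if the database call fails
     */
    public static void main(String[] args) throws Exception {
        // The original opened a second local connection here that shadowed
        // the static one and was never used or closed; login() only ever
        // reads the static field, so that connection is dropped.
        try {
            Scanner sc = new Scanner(System.in);
            String un = sc.next();
            String pw = sc.next();
            System.out.println(login(un, pw));
        } finally {
            if (conn != null) {
                conn.close();
            }
        }
    }

    /**
     * Checks the credentials against the {@code user} table.
     *
     * @param un username to look up
     * @param pw password to compare
     * @return {@code "无此用户"} when no row has this username,
     *         {@code "账号或密码错误"} when the username exists but the pair
     *         does not match, otherwise {@code "登录成功"}
     * @throws Exception if no connection is available or a query fails
     */
    public static String login(String un, String pw) throws Exception {
        if (conn == null) {
            throw new IllegalStateException("no database connection available");
        }

        // NOTE(review): answering "无此用户" separately tells an
        // unauthenticated caller which usernames exist; a production login
        // should return one generic failure message for both cases.
        String sql = "select * from user where username=?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, un);
            try (ResultSet rs1 = ps.executeQuery()) {
                if (!rs1.next()) {
                    return "无此用户";
                }
            }
        }

        // NOTE(review): comparing the raw password in SQL implies clear-text
        // password storage; store and verify a salted password hash instead.
        String sq2 = "select * from user where username=? and password=?";
        try (PreparedStatement ps2 = conn.prepareStatement(sq2)) {
            ps2.setString(1, un);
            ps2.setString(2, pw);
            try (ResultSet rs2 = ps2.executeQuery()) {
                if (!rs2.next()) {
                    return "账号或密码错误";
                }
            }
        }
        return "登录成功";
    }
}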
4、方法三:工具类 JDBCUtil
针对大量的重复操作,优先编写工具类
囊括大量常用操作,便于直接引用
import java.io.InputStream;
import java.sql.*;
import java.util.Properties;
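/**
 * Small JDBC helper holding one shared connection, one "current"
 * {@link PreparedStatement} and one "current" {@link ResultSet}.
 *
 * <p>Connection settings are read once from {@code mysql.properties} on the
 * classpath (keys {@code driver}, {@code url}, {@code username},
 * {@code password}).
 *
 * <p>NOTE(review): all state is static and unsynchronized, so concurrent
 * callers would overwrite each other's statement and result set. Keep
 * {@code mysql.properties} out of version control and readable only by the
 * application account.
 */
public class JDBCUtil {
    // Settings loaded from mysql.properties in the static initializer.
    private static String DRIVER;
    private static String URL;
    private static String USERNAME;
    private static String PASSWORD;

    private static Connection conn;
    private static PreparedStatement ps = null;
    private static ResultSet rs = null;

    static {
        // try-with-resources closes the properties stream, which the
        // original left open.
        try (InputStream is = JDBCUtil.class.getClassLoader()
                .getResourceAsStream("mysql.properties")) {
            if (is == null) {
                throw new IllegalStateException("mysql.properties not found on the classpath");
            }
            Properties properties = new Properties();
            properties.load(is);
            DRIVER = properties.getProperty("driver");
            URL = properties.getProperty("url");
            USERNAME = properties.getProperty("username");
            PASSWORD = properties.getProperty("password");
            Class.forName(DRIVER);
            conn = DriverManager.getConnection(URL, USERNAME, PASSWORD);
        } catch (Exception e) {
            // Initialization failure is only reported; conn stays null.
            e.printStackTrace();
        }
    }

    /**
     * Returns the shared connection so other classes can use it.
     *
     * @return the connection, or {@code null} if initialization failed
     */
    public static Connection getconn() {
        return conn;
    }

    /**
     * Prepares {@code sql} and makes it the current statement.
     *
     * @param sql SQL template with {@code ?} placeholders
     * @return the prepared statement, or {@code null} if preparing failed
     */
    public static PreparedStatement getPS(String sql) {
        // Forget the previous statement first: if preparing fails, a later
        // setPS/getEQ must not silently run the old query instead.
        // NOTE(review): the previous statement is not closed here, because a
        // caller may still be reading its result set.
        ps = null;
        try {
            ps = conn.prepareStatement(sql);
        } catch (SQLException e) {
            e.printStackTrace();
        }
        return ps;
    }

    /**
     * Runs the current statement as a query.
     *
     * @return the result set, or {@code null} if there is no current
     *         statement or the query failed
     */
    public static ResultSet getEQ() {
        // Reset first so a failure never hands back the result of an earlier query.
        rs = null;
        if (ps == null) {
            return null;
        }
        try {
            rs = ps.executeQuery();
        } catch (SQLException e) {
            e.printStackTrace();
        }
        return rs;
    }

    /**
     * Runs the current statement as an insert, update or delete.
     *
     * @return the affected-row count, or 0 if there is no current statement
     *         or the statement failed
     */
    public static int getEU() {
        int i = 0;
        if (ps == null) {
            return i;
        }
        try {
            i = ps.executeUpdate();
        } catch (SQLException e) {
            e.printStackTrace();
        }
        return i;
    }

    /**
     * Binds the given strings to the current statement's placeholders in
     * order; the first argument goes to parameter index 1.
     *
     * @param args values to bind (varargs, i.e. a String array)
     */
    public static void setPS(String... args) {
        if (ps == null) {
            return;
        }
        for (int i = 0; i < args.length; i++) {
            try {
                ps.setString(i + 1, args[i]);
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }

    /**
     * Closes the current result set, the current statement and the shared
     * connection, in that order. Each close is attempted independently.
     */
    public static void cloAll() {
        if (rs != null) {
            try {
                // The original closed conn in this branch, which left the
                // result set open and failed when conn was null.
                rs.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        if (ps != null) {
            try {
                ps.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        if (conn != null) {
            try {
                conn.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
}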
5、工具类的实际使用
import mysql.day35.JDBCUtil;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Scanner;
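/**
 * Console login demo built on {@code JDBCUtil}: checks that the username
 * exists, then that the username/password pair matches.
 */
public class UserLogin {
    /**
     * Prints the login verdict and releases the JDBC resources.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try {
            System.out.println(login());
        } finally {
            // Release the shared JDBC resources even if login() throws.
            JDBCUtil.cloAll();
        }
    }

    /**
     * Reads two whitespace-delimited tokens (username, password) from
     * standard input and verifies them against the {@code user} table.
     *
     * @return {@code "用户名不存在"} when no row has this username,
     *         {@code "用户名或密码错误"} when the pair does not match,
     *         {@code "登录失败"} when a query could not be run, otherwise
     *         {@code "登录成功"}
     */
    public static String login() {
        Scanner sc = new Scanner(System.in);
        String username = sc.next();
        String password = sc.next();

        try {
            // Step 1: does the username exist?
            // NOTE(review): reporting "用户名不存在" separately tells an
            // unauthenticated caller which usernames exist; a production
            // login should return one generic failure message.
            String sql1 = "select * from user where username=?";
            JDBCUtil.getPS(sql1);
            JDBCUtil.setPS(username);
            ResultSet rs1 = JDBCUtil.getEQ();
            // getEQ() may return null when the query could not be run;
            // treat that as a failure, never as a match.
            if (rs1 == null) {
                return "登录失败";
            }
            if (!rs1.next()) {
                return "用户名不存在";
            }

            // Step 2: do username and password match?
            // NOTE(review): comparing the raw password in SQL implies
            // clear-text password storage; store and verify a salted
            // password hash instead.
            String sql2 = "select * from user where username=? and password=?";
            JDBCUtil.getPS(sql2);
            JDBCUtil.setPS(username, password);
            ResultSet rs2 = JDBCUtil.getEQ();
            if (rs2 == null) {
                return "登录失败";
            }
            if (!rs2.next()) {
                return "用户名或密码错误";
            }
            return "登录成功";
        } catch (SQLException e) {
            // Fail closed: the original printed the error and fell through
            // to "登录成功", so a database error could grant a login.
            e.printStackTrace();
            return "登录失败";
        }
    }
}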