java [30] jdbc增删改查

 增删改查的操作:

import java.sql.DriverManager;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;

public class Demo1 {

	/**
	 * Runs one of the CRUD demos against table T1. Only the delete demo is
	 * active; the other calls are left commented out so they can be swapped in.
	 *
	 * @param args command-line arguments (unused)
	 */
	public static void main(String[] args) {
		//Demo1.Read();
		//Creat();
		//Update();
		Delete();
	}

	/** Deletes the rows of T1 whose id is greater than 2 and prints the affected-row count. */
	static void Delete(){
		runUpdate("delete from T1 where id>2");
	}

	/** Raises the salary column of every row in T1 by 10 and prints the affected-row count. */
	static void Update(){
		runUpdate("update T1 set salary=salary+10");
	}

	/**
	 * Selects id, name, passwd and salary from T1 and prints one tab-separated
	 * line per row.
	 *
	 * NOTE(review): this prints the passwd column to standard output. That is
	 * acceptable only for a throwaway demo table; real credentials should be
	 * stored as salted password hashes and kept out of console and log output.
	 */
	static void Read(){
		Connection conn = null;
		Statement st = null;
		ResultSet rs = null;
		try {
			conn = jdbcUtils.getConnection();
			st = conn.createStatement();
			rs = st.executeQuery("select id,name,passwd,salary from T1");

			while (rs.next()) {
				// Columns are read in the same order they are printed.
				Object id = rs.getObject("id");
				Object name = rs.getObject("name");
				Object passwd = rs.getObject("passwd");
				Object salary = rs.getObject("salary");
				System.out.println(id + "\t" + name + "\t" + passwd + "\t" + salary);
			}
		} catch (Exception e) {
			e.printStackTrace();
		} finally {
			// jdbcUtils is defined outside this listing; presumably free() closes
			// the three resources - confirm against its source.
			jdbcUtils.free(rs, st, conn);
		}
	}

	/**
	 * Inserts one hard-coded row into T1 and prints the affected-row count.
	 *
	 * NOTE(review): the literal '123456' is written to the passwd column as
	 * plain text. A real application should store a salted password hash
	 * (bcrypt, scrypt or argon2) instead.
	 */
	static void Creat(){
		runUpdate("insert into T1(name,passwd,salary) values ('wangwu','123456',5000)");
	}

	/**
	 * Shared body of the three write demos: executes one SQL statement through
	 * a plain Statement and prints "i=" followed by the affected-row count.
	 *
	 * Every caller in this class passes a constant string literal. A plain
	 * Statement is only safe under that condition; any statement that includes
	 * caller-supplied values should use PreparedStatement with bound parameters.
	 *
	 * @param sql the complete SQL text to execute
	 */
	private static void runUpdate(String sql){
		Connection conn = null;
		Statement st = null;
		// Never assigned here; kept so the free() call has the same typed arguments.
		ResultSet rs = null;
		try {
			conn = jdbcUtils.getConnection();
			st = conn.createStatement();
			int affected = st.executeUpdate(sql);
			System.out.println("i=" + affected);
		} catch (Exception e) {
			e.printStackTrace();
		} finally {
			jdbcUtils.free(rs, st, conn);
		}
	}

}

使用 Statement 时,一旦把外部输入直接拼接进 SQL 字符串,就容易导致 SQL 注入的问题,比如:


import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;

/**
 * Intentionally vulnerable demo: shows how building SQL text by string
 * concatenation lets a caller-supplied value change the query itself.
 * Do not copy this pattern; bind the value with PreparedStatement instead.
 */
public class SqlInject {

	/**
	 * Calls Read with a crafted name instead of a real one to demonstrate the problem.
	 *
	 * @param args command-line arguments (unused)
	 */
	public static void main(String[] args) {
		// Normal lookup, disabled for the demonstration:
		//Read("zhangsan");
		// SQL injection: the argument contains quote characters and SQL keywords.
		Read("'or 1 or'");
		
	}
	/**
	 * Looks up rows of T1 by name and prints id, name, passwd and salary,
	 * tab-separated, one line per row.
	 *
	 * VULNERABLE: name is spliced into the SQL text without escaping or binding.
	 *
	 * @param name value compared against the name column; treated as SQL text, not as data
	 */
	static void Read(String name){
		Connection conn = null;
		Statement st = null; 
		ResultSet rs = null;
		try {
			// jdbcUtils is defined outside this listing.
			conn = jdbcUtils.getConnection();
			// Step 3: create the statement.
			st = conn.createStatement();
			
			// Step 4: execute the statement.
			// The quotes inside name close the string literal early. With the value
			// passed from main, the text sent to the database is
			//   ... where name=''or 1 or''
			// so the filter is no longer a comparison against a single name; the
			// author's output shows every row being returned, passwd column included.
			String sql = "select id,name,passwd,salary from T1 where name='" + name+"'";
			rs = st.executeQuery(sql);
			
			// Step 5: process the result.
			while (rs.next()) {
				System.out.println(rs.getObject("id")+ "\t" 
						+rs.getObject("name")
						+ "\t"+rs.getObject("passwd")+"\t" +
						rs.getObject("salary"));
				
			}
		} catch (Exception e) {
			// Any failure is only printed; the method then returns normally.
			e.printStackTrace();
				
		}finally {
			// Step 6: release resources.
			jdbcUtils.free(rs, st, conn);
		}
		
		
		
	}

}

执行结果:

1	zhangsan	hello	3010
2	lisi	wowo	5010

注入后的查询条件对每一行都成立,因此获取了表中所有的数据(包括 passwd 列)。

处理办法:使用 PreparedStatement。参数通过 ? 占位符绑定,作为数据传入,而不是被拼接进 SQL 文本,因此可以解决 SQL 注入问题,并且速度比 Statement 更快;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;

/**
 * Fixed version of the injection demo: the name is passed as a bound
 * parameter of a PreparedStatement instead of being concatenated into the SQL.
 */
public class SqlInject {

	/**
	 * Runs the lookup with an ordinary name.
	 *
	 * @param args command-line arguments (unused)
	 */
	public static void main(String[] args) {
		Read("zhangsan");
		// The injection string from the vulnerable version, kept for comparison.
		// Here it would simply be compared against the name column as a literal value.
		//Read("'or 1 or'");
	}

	/**
	 * Prints id, name, passwd and salary (tab-separated, one line per row) for
	 * the rows of T1 whose name equals the given value.
	 *
	 * NOTE(review): the passwd column is still printed to standard output;
	 * parameter binding prevents injection but does not protect stored secrets.
	 *
	 * @param name value bound to the single ? placeholder
	 */
	static void Read(String name){
		// The SQL text is a constant; only the placeholder value varies.
		final String query = "select id,name,passwd,salary from T1 where name=?";
		Connection conn = null;
		PreparedStatement ps = null;
		ResultSet rs = null;
		try {
			conn = jdbcUtils.getConnection();
			ps = conn.prepareStatement(query);
			// Bind the first (and only) parameter. Quote characters in name are
			// handled as part of the value, not as SQL syntax.
			ps.setString(1, name);

			rs = ps.executeQuery();

			while (rs.next()) {
				Object id = rs.getObject("id");
				Object rowName = rs.getObject("name");
				Object passwd = rs.getObject("passwd");
				Object salary = rs.getObject("salary");
				System.out.println(id + "\t" + rowName + "\t" + passwd + "\t" + salary);
			}
		} catch (Exception e) {
			e.printStackTrace();
		} finally {
			// jdbcUtils is defined outside this listing.
			jdbcUtils.free(rs, ps, conn);
		}
	}

}

时间处理:将 java.util 中的 Date 转化为 java.sql 中的 Date,然后插入时间

//时间处理,将java.util中的时间转化为java.sql中的date
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Date;

public class Datetest {

	/**
	 * Inserts one sample row whose birthday is the current time.
	 *
	 * @param args command-line arguments (unused)
	 */
	public static void main(String[] args) {
		Creat("haha", "jiji", 3000.0f, new Date());
	}

	/**
	 * Inserts a row into T1 through a PreparedStatement and prints "i="
	 * followed by the affected-row count.
	 *
	 * NOTE(review): passwd is written to the table exactly as received. A real
	 * application should hash it (bcrypt, scrypt or argon2) before storing.
	 *
	 * @param name     value for the name column
	 * @param passwd   value for the passwd column
	 * @param salary   value for the salary column
	 * @param birthday java.util.Date converted to java.sql.Date for the birthday column
	 */
	static void Creat(String name,String passwd,float salary,Date birthday){
		final String insert = "insert into T1(name,passwd,salary,birthday) values (?,?,?,?)";
		Connection conn = null;
		PreparedStatement ps = null;
		// Never assigned here; passed to free() only to match its parameter list.
		ResultSet rs = null;
		try {
			conn = jdbcUtils.getConnection();
			ps = conn.prepareStatement(insert);

			// All four values are bound, none is concatenated into the SQL text.
			ps.setString(1, name);
			ps.setString(2, passwd);
			ps.setFloat(3, salary);
			// setDate takes java.sql.Date, so rebuild it from the epoch milliseconds.
			java.sql.Date sqlBirthday = new java.sql.Date(birthday.getTime());
			ps.setDate(4, sqlBirthday);

			int inserted = ps.executeUpdate();
			System.out.println("i=" + inserted);
		} catch (Exception e) {
			e.printStackTrace();
		} finally {
			// jdbcUtils is defined outside this listing.
			jdbcUtils.free(rs, ps, conn);
		}
	}

}

数据库取出时间:

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Date;

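public class Dateread {

	/**
	 * Reads the birthday of the row with id 1 and prints it.
	 *
	 * @param args command-line arguments (unused)
	 */
	public static void main(String[] args) {
		Date te = Read(1);
		System.out.println(te);
	}

	/**
	 * Fetches the birthday column of the T1 row with the given id and converts
	 * it from java.sql.Date to java.util.Date.
	 *
	 * @param id value compared against the id column
	 * @return the birthday as java.util.Date, or null when no row matches, the
	 *         column is SQL NULL, or the query fails (the exception is printed)
	 */
	static Date Read(int id){
		Connection conn = null;
		Statement st = null;
		ResultSet rs = null;
		Date birthday = null;
		try {
			conn = jdbcUtils.getConnection();
			st = conn.createStatement();

			// id is an int, so concatenating it cannot introduce SQL syntax.
			// For any String or otherwise caller-controlled value, bind it with
			// PreparedStatement instead of building the SQL text like this.
			rs = st.executeQuery("select birthday from T1 where id =" +id);

			while (rs.next()) {
				// getDate returns null for SQL NULL; the original dereferenced it
				// unconditionally and relied on the catch block to absorb the
				// resulting NullPointerException.
				java.sql.Date stored = rs.getDate("birthday");
				birthday = (stored == null) ? null : new Date(stored.getTime());
			}
		} catch (Exception e) {
			e.printStackTrace();
		} finally {
			// jdbcUtils is defined outside this listing.
			jdbcUtils.free(rs, st, conn);
		}

		return birthday;
	}

}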


转载自blog.csdn.net/qq_38125626/article/details/81915184