//这里使用 PreparedStatement 预编译 sql 语句:用户输入通过 ? 占位符作为参数绑定,不会被拼接进 sql 字符串,从而防止 sql 注入攻击
//演示手动输入参数
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Scanner;
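/**
 * Demo: inserts one row into the {@code user} table using a
 * {@link PreparedStatement}, with both column values read from standard input.
 *
 * <p>The SQL text is fixed and contains only {@code ?} placeholders; the
 * user-supplied values are bound as parameters and never concatenated into the
 * statement, which is what keeps the input from being interpreted as SQL.
 */
public class TestPrestatement {
    /**
     * Prompts for a user name and password, inserts them and prints the number
     * of affected rows.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // NOTE(review): demo-only connection settings. Hard-coded root/root
        // credentials should not leave a local sandbox; load real credentials
        // from configuration and connect as a least-privileged database account.
        String url = "jdbc:mysql://localhost:3306/db_jdbcdemo?characterEncoding=utf-8";
        String user = "root";
        String password = "root";
        // Fixed statement text: the only variable parts are the two placeholders.
        String sql = "insert into user(`name`,`pass`)value(?,?)";
        try {
            // Load the JDBC driver.
            Class.forName("com.mysql.jdbc.Driver");
            // try-with-resources closes the connection and the statement even
            // when a SQLException is thrown part-way through.
            try (Connection con = DriverManager.getConnection(url, user, password)) {
                // Deliberately not closed: closing the Scanner would close System.in.
                Scanner in = new Scanner(System.in);
                System.out.println("输入用户名");
                String myname = in.next();
                System.out.println("输入密码");
                String mypass = in.next();
                try (PreparedStatement pre = con.prepareStatement(sql)) {
                    pre.setString(1, myname); // value for the first placeholder
                    // NOTE(review): the password is stored exactly as typed. A real
                    // application stores a salted password hash (bcrypt/scrypt/argon2),
                    // never the plaintext.
                    pre.setString(2, mypass); // value for the second placeholder
                    int row = pre.executeUpdate();
                    System.out.println(row);
                }
            }
        } catch (ClassNotFoundException | SQLException e) {
            e.printStackTrace();
        }
    }
}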
//演示查询
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Scanner;
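/**
 * Demo: looks up rows of the {@code user} table by name using a
 * {@link PreparedStatement}, with the name read from standard input.
 *
 * <p>The search value is bound to the {@code ?} placeholder as a parameter and
 * is never concatenated into the SQL text, so it cannot change the structure
 * of the query.
 */
public class TestPrestatement {
    /**
     * Prompts for a user name and prints the id, name and pass columns of every
     * matching row.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // NOTE(review): demo-only connection settings. Hard-coded root/root
        // credentials should not leave a local sandbox; load real credentials
        // from configuration and connect as a least-privileged database account.
        String url = "jdbc:mysql://localhost:3306/db_jdbcdemo?characterEncoding=utf-8";
        String user = "root";
        String password = "root";
        // Fixed statement text: the only variable part is the single placeholder.
        String sql = "select * from user where name = ?";
        try {
            // Load the JDBC driver.
            Class.forName("com.mysql.jdbc.Driver");
            // try-with-resources closes the connection, statement and result set
            // even when a SQLException is thrown part-way through.
            try (Connection con = DriverManager.getConnection(url, user, password)) {
                // Deliberately not closed: closing the Scanner would close System.in.
                Scanner in = new Scanner(System.in);
                System.out.println("输入用户名查询信息");
                String myname = in.next();
                try (PreparedStatement pre = con.prepareStatement(sql)) {
                    pre.setString(1, myname); // value for the first placeholder
                    try (ResultSet rs = pre.executeQuery()) {
                        while (rs.next()) {
                            // NOTE(review): this prints the stored pass column to the
                            // console; acceptable for a demo table only. Real code should
                            // not select or display credential columns.
                            System.out.println(rs.getInt("id") + " " + rs.getString("name") + " " + rs.getString("pass"));
                        }
                    }
                }
            }
        } catch (ClassNotFoundException | SQLException e) {
            e.printStackTrace();
        }
    }
}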