Building dynamic SQL with PreparedStatement (pstm)
Let's first look at the difference between JDBC PreparedStatement and Statement.
As shown in the figure above, two points can be summarized:
1. PreparedStatement is safer: the parameter values are sent separately from the SQL text, so user input cannot change the structure of the query, which solves the problem of SQL injection.
2. It is more efficient, especially when the same statement is executed many times, because the SQL is compiled once and only the parameter values change between calls.
Compared with Statement, a PreparedStatement is a "semi-finished product": the SQL text is fixed in advance with placeholders, and the missing values are filled in later.
It is a sub-interface of Statement, and its use is divided into 3 steps:
1. Create: obtain a PreparedStatement object from the Connection
String sql = "select * from users_luxw where username = ? and password = ?";
PreparedStatement pstm = conn.prepareStatement(sql);
When creating it, replace each part of the SQL statement whose value changes with a placeholder (?).
2. Assign values to the ? placeholders (also called parameter binding)
Use a set[Type] method to assign a value to each ?, where Type is the data type of that position. The first parameter is the position of the question mark, counting from 1; the second parameter is the actual value, for example:
pstm.setString(1, username);
pstm.setString(2, password);
3. Execute the SQL
pstm.executeQuery();  // for queries
pstm.executeUpdate(); // for insert, update and delete
At this point JDBC sends all the bound parameter values to the database server, which executes the precompiled SQL created in the first step, kept ready on the server for reuse, with those values.
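As an added example (not from the original post), the login query from the steps above is run both ways against Python's built-in sqlite3 module, which like JDBC uses ? placeholders but binds values from a tuple rather than with setString(1, ...); the users_luxw rows and the inputs are constructed for this demo, and it also shows the extra case of a legitimate value containing an apostrophe.

```python
import sqlite3

# Constructed sample data standing in for the page's users_luxw table.
USERS = [("alice", "s3cret"), ("o'brien", "pa55word")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users_luxw (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users_luxw VALUES (?, ?)", USERS)
    return conn

def login_with_statement(conn, username, password):
    """Statement style: the SQL text is assembled by concatenation, so the
    input is parsed as part of the query instead of being compared as a value."""
    sql = ("SELECT username FROM users_luxw WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]

def login_with_prepared(conn, username, password):
    """PreparedStatement style, mirroring the page's three steps: the SQL is
    fixed with ? placeholders (create), the values are bound by position
    (bind), then it runs (execute). Bound values never change the query's shape."""
    sql = "SELECT username FROM users_luxw WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]

def compare(conn, username, password):
    """Run both variants on the same input; a syntax error raised by the
    concatenated query is reported as the string 'error'."""
    try:
        via_statement = login_with_statement(conn, username, password)
    except sqlite3.OperationalError:
        via_statement = "error"
    return via_statement, login_with_prepared(conn, username, password)

def demo():
    conn = make_db()
    return {
        # correct credentials: both variants match exactly one row
        "valid": compare(conn, "alice", "s3cret"),
        # a legitimate name with an apostrophe breaks the concatenated query
        # but is simply compared as a value by the bound one
        "apostrophe": compare(conn, "o'brien", "pa55word"),
        # constructed input with a quote and an OR clause: concatenation turns
        # it into a condition that is true for every row; binding sees a password
        "tampered": compare(conn, "alice", "x' OR '1'='1"),
    }
```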
The code is shown below:
package jdbc;

import java.sql.Connection;
import java.sql.Date;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class DemoPreparedStatement {
    public static void main(String[] args) {
        // load the driver and obtain a connection
        Connection conn = null;
        PreparedStatement psm = null;
        ResultSet rs = null;
        try {
            Class.forName("com.mysql.jdbc.Driver");
            // obtain the connection
            String url = "jdbc:mysql://localhost:3306/mybase";
            String user = "root";
            String password = "root123";
            conn = DriverManager.getConnection(url, user, password);
            // 3. create a PreparedStatement object; the SQL is precompiled with ? placeholders
            // query
            String sql = "select * from test where deptno = ?";
            psm = conn.prepareStatement(sql);
            psm.setInt(1, 10); // deptno is numeric, so bind it with setInt
            // delete
            // String sql = "delete from test where ename = ?";
            // psm = conn.prepareStatement(sql);
            // psm.setString(1, "小弟");
            //
            // update
            // String sql = "update test set job = ? where ename = ?";
            // psm = conn.prepareStatement(sql);
            // psm.setString(1, "manner");
            // psm.setString(2, "白展堂");
            // insert
            // String sql = "insert into test(ename,job,deptno) values(?,?,?)";
            // psm = conn.prepareStatement(sql);
            // psm.setString(1, "大白");
            // psm.setString(2, "leader");
            // psm.setInt(3, 20);
            // 4. execute the SQL statement
            // int line = psm.executeUpdate(); // insert, delete and update all use executeUpdate
            // System.out.println("rows affected: " + line);
            rs = psm.executeQuery();
            while (rs.next()) {
                int empno = rs.getInt(1);
                String ename = rs.getString(2);
                String job = rs.getString(3);
                int mgr = rs.getInt(4);
                Date hireDate = rs.getDate(5);
                int sal = rs.getInt(6);
                int comm = rs.getInt(7); // commission column
                int deptno = rs.getInt(8);
                System.out.println(empno + " " + ename + " " + job + " " + mgr + " " + hireDate
                        + " " + sal + " " + comm + " " + deptno);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // close in reverse order of creation; each may still be null if an earlier step failed
            try {
                if (rs != null) rs.close();
                if (psm != null) psm.close();
                if (conn != null) conn.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
}