1. Use of PreparedStatement
1. Why use PreparedStatement
SQL injection problems occur when a login check is implemented with Statement.
For example: set the password to 'OR 1=1 OR' to test the effect of SQL injection.
2. How to use PreparedStatement
- You can use SQL statement templates
- Use the ? placeholder for the corresponding values
- Don't forget that the value of each ? needs to be set afterwards
3. PreparedStatement compared with Statement
PreparedStatement: prepared statement object
- It lets us write SQL templates, which avoids the trouble of string concatenation. Caution: ? can only be written in specific places
- It avoids SQL injection problems (wherever strings are concatenated into the SQL, there is a danger of SQL injection)
- PreparedStatement performs better than Statement in some databases
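
The comparison above as an added example (not code from the original page): the same login check written with Statement and string concatenation, then with a PreparedStatement template, both tried with the test password from the text. The class name, the sample row and the SQLite in-memory database (xerial sqlite-jdbc driver on the classpath) are assumptions; the people table follows the insert example later on this page.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class LoginInjectionDemo {
    // Vulnerable form: the input is spliced into the SQL text, so quotes in it rewrite the WHERE clause.
    static boolean statementLogin(Connection conn, String name, String password) throws SQLException {
        String sql = "select id from people where name = '" + name + "' and password = '" + password + "'";
        try (Statement st = conn.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return rs.next();
        }
    }

    // Hardened form: the SQL template is fixed and each ? is bound as a plain value.
    static boolean preparedLogin(Connection conn, String name, String password) throws SQLException {
        String sql = "select id from people where name = ? and password = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: SQLite in-memory database, so the demo needs no server.
        try (Connection conn = DriverManager.getConnection("jdbc:sqlite::memory:");
             Statement st = conn.createStatement()) {
            st.executeUpdate("create table people (id integer primary key autoincrement, name text, password text)");
            st.executeUpdate("insert into people (name, password) values ('alice', 's3cret')"); // constructed sample row
            String injected = "'OR 1=1 OR'"; // the test password given in the text
            System.out.println("Statement, injected password:         " + statementLogin(conn, "alice", injected));
            System.out.println("PreparedStatement, injected password: " + preparedLogin(conn, "alice", injected));
            System.out.println("PreparedStatement, correct password:  " + preparedLogin(conn, "alice", "s3cret"));
        }
    }
}
```

The Statement version accepts the injected password because the concatenated condition becomes `password = '' OR 1=1 OR ''`; the PreparedStatement version compares the whole input against the stored password as a single string.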
2. Transactions
Four characteristics of transactions (ACID)
**Atomicity** Atomicity means that a transaction is an indivisible unit of work: the operations in the transaction either all happen or none of them happen.
**Consistency** The integrity of the data before and after the transaction must be consistent.
**Isolation** Isolation means that when multiple users access the database concurrently, the transaction the database opens for each user cannot be interfered with by the data operations of other transactions; multiple concurrent transactions must be isolated from each other.
**Durability** Durability means that once a transaction is committed, its changes to the data in the database are permanent; even if the database then fails, the committed changes should not be affected.
3. Returning the primary key
After a row is inserted, its generated primary key value can be returned. Key constant: Statement.RETURN_GENERATED_KEYS
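```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;

import org.junit.Test;

public class HW3 {
    @Test
    public void testPK() throws Exception {
        // JDBCUtil is this project's own connection helper class
        Connection conn = JDBCUtil.getConnection();
        // RETURN_GENERATED_KEYS asks the driver to keep the generated key available after the insert
        PreparedStatement pr = conn.prepareStatement("insert into people (name,password) values (?,?)",
                Statement.RETURN_GENERATED_KEYS);
        pr.setString(1, "麦克格雷迪");
        pr.setString(2, "1");
        pr.executeUpdate();
        // Each row of this result set holds one generated primary key value
        ResultSet ge = pr.getGeneratedKeys();
        while (ge.next()) {
            System.out.println(ge.getLong(1));
        }
        JDBCUtil.close(ge, pr, conn);
    }
}
```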
4. Connection pool
A connection pool is a container that holds connection objects; it can greatly improve the performance of database operations.
1. The four required properties
- Driver class name: `driverClassName`
- URL (connection address): `url`
- Username: `username`
- Password: `password`
2. Other common properties
- Initial number of connections: `initialSize`
- Maximum number of connections: `maxActive`
- Maximum waiting time: `maxWait`
- …
3. Implementing the pool with DBCP
① Import the JAR packages:
- `commons-dbcp-1.4.jar`: the data source function package
- `commons-pool-1.5.6.jar`: the pool package
② Prepare `jdbc.properties`
③ Use the key object `BasicDataSource`, or use the `BasicDataSourceFactory` factory to create it in one step
④ `DBCPUtil`: the connection pool utility class