JDBC: database connectivity java database connectivity
###properties
Properties object, used to read the data in the *.properties property configuration file
-Why use: The previous way of writing is to hard-code the database connection information in the .java class. If you need to modify it, you must go to the java class to find the corresponding code. This method requires the staff to understand the code.
However, after using properties, the database connection information can be written in the configuration file, and there is no need to pay attention to the code when modifying
###DBCP database connection pool
- A set of APIs for managing database connections
- Why use database connection pool:
If there is no connection pool, each interaction between the web server and the database server needs to establish and close the connection. If there are 10,000 requests, there will be 10,000 switch connections, which consumes resources very much.
Using the connection pool, you can set an initial number of connections during initialization. The connection pool will establish several initial connections immediately. If there is a need to interact with the database, it will check whether there are idle connections from the connection pool.
If there is, it will be returned to the connection pool when it is used up. If there is no idle time, it will be returned after waiting for other links to be used up. This can greatly reduce the number of switch connections between the web server and the database server, thereby improving the execution efficiency.
####PrepareStatement
-benefit:
1. Because the use of PrepareStatement has a pre-compilation effect, when data is inserted multiple times, it only needs to be compiled once, so the execution efficiency is high (the effect is not obvious)
2. The code is more readable and easy to write
3. With pre-compilation effect, it can prevent sql injection, because the logic of sql has been fixed when sql is pre-compiled, if the content of the replacement? contains sql keywords related to logic, it will not take effect (such as or)
- If there is a variable value in the executed sql statement, use prepareStatement, if there is no variable value, you can use statement
###sql注入的语句: password='' or '1'='1'
创建一张login_user表(id,username,password)
create table login_user(id int primary key auto_increment,username varchar(10),password varchar(10));
insert into login_user values(null,'libai','admin'),(null,'xiao,ming','admin');
以下是
select count(*) from login_user where username=? and password=?
DBUtils:数据库连接的工具类
DBCPDemo:演示数据库连接池
DBUtilsDemo1:演示增删改查
PropertiesDemo:演示Properties