ステートメントを使用するデメリット: SQL ステートメントを綴る必要があり、SQL インジェクションの問題がある
解決策: Statement の代わりにPreparedStatement (Statement から拡張) を使用してください。
mysql設定: jdbc.properties
# MySQL configuration (mysql配置) — JDBCUtils.getConnection() loads this file from the classpath
user=root
password=root
url=jdbc:mysql://localhost:3306/java?serverTimezone=Asia/Shanghai
driverClass=com.mysql.cj.jdbc.Driver
JDBCUtils: データベースに接続するユーティリティ
package JDBCUtil;
import JDBCTest.PreperdStatementUpdateTest;
import java.io.IOException;
import java.io.InputStream;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;
/**
* @Author HLY
* @Create 2019-12-05 12:55
*/
public class JDBCUtils {
public static Connection getConnection() throws IOException, ClassNotFoundException, SQLException {
InputStream inputStream= JDBCUtils.class.getClassLoader().getResourceAsStream("jdbc.properties");
Properties properties=new Properties();
properties.load(inputStream);
String user=properties.getProperty("user");
String password=properties.getProperty("password");
String url=properties.getProperty("url");
String driverClass=properties.getProperty("driverClass");
//加载驱动
Class.forName(driverClass);
//获取链接
Connection connection = DriverManager.getConnection(url, user, password);
return connection;
}
public void closeResource(Connection connection, Statement preparedStatement) throws SQLException {
//资源关闭
if (connection!=null){
connection.close();
}
if (preparedStatement!=null){
preparedStatement.close();
}
}
}
ユーザーオブジェクト
package JDBCStatement;
/**
* @Author HLY
* @Create 2019-12-17 11:39
*/
public class User {
    // Both fields are populated by name through reflection from the result set's column
    // labels (in addition to the setters), so their names are part of the mapping contract.
    private String user;
    private String password;

    /** No-arg constructor, required for reflective creation of a blank instance. */
    public User() {
    }

    /**
     * Creates a user with both fields set.
     *
     * @param user     the login name
     * @param password the password as stored in the row
     */
    public User(String user, String password) {
        this.user = user;
        this.password = password;
    }

    public String getUser() {
        return this.user;
    }

    public void setUser(String user) {
        this.user = user;
    }

    public String getPassword() {
        return this.password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    /**
     * Renders as {@code User{user:<user>password:<password>}} — the original layout, with
     * no separator between the two values. The output contains the raw password, so it
     * should not be written to logs.
     */
    @Override
    public String toString() {
        StringBuilder rendered = new StringBuilder("User{");
        rendered.append("user:").append(this.user);
        rendered.append("password:").append(this.password);
        return rendered.append('}').toString();
    }
}
ステートメントテスト
package JDBCStatement;
import JDBCUtil.JDBCUtils;
import org.junit.Test;
import java.io.IOException;
import java.lang.reflect.Field;
import java.sql.*;
import java.util.Scanner;
/**
* @Author HLY
* @Create 2019-12-17 11:39
*/
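public class StatementTest {
    /** Entry point: runs the interactive login lookup once. */
    public static void main(String[] args) {
        test();
    }

    /**
     * Reads a user name and password from the console, looks the pair up in
     * {@code user_login} and prints the matching row, or a not-found message when no
     * row matches (the original dereferenced a {@code null} result there).
     */
    public static void test() {
        System.out.println("请输入用户名:");
        Scanner input = new Scanner(System.in); // deliberately not closed: that would close System.in
        //接受String类型 — read the user name as a String
        String str = input.next();
        System.out.println("请输入密码:");
        String ps = input.next();
        try {
            User user1 = login(str, ps);
            System.out.print(user1 == null ? "用户名或密码错误" : user1.toString());
        } catch (SQLException | IOException | ClassNotFoundException
                | IllegalAccessException | InstantiationException e) {
            e.printStackTrace();
        }
    }

    /**
     * Looks up one {@code user_login} row by user name and password.
     * Both values are bound as {@code ?} parameters instead of being concatenated into the
     * SQL text, so quote characters in the input are sent as data and cannot change the
     * statement's structure.
     *
     * @param user     the login name as typed
     * @param password the password as typed
     * @return the matching row mapped to a {@link User}, or {@code null} if none matches
     */
    public static User login(String user, String password)
            throws SQLException, IOException, ClassNotFoundException, IllegalAccessException, InstantiationException {
        String sql = "SELECT user,password FROM user_login WHERE user=? AND PASSWORD=?";
        return get(sql, User.class, user, password);
    }

    /**
     * Runs {@code sql} as a prepared statement with {@code params} bound in order and maps
     * the first row onto a new {@code clazz} instance: each column label is matched to a
     * declared field of the same name and assigned via reflection. All JDBC resources are
     * closed on every path, including when no row is returned or an exception is thrown
     * (the original leaked them in both cases).
     *
     * @param sql    SQL text with one {@code ?} placeholder per value in {@code params}
     * @param clazz  target class; needs a no-arg constructor and one declared field per column label
     * @param params values bound to the placeholders in array order; may be empty
     * @return the mapped first row, or {@code null} if the query returns no rows
     * @throws SQLException             on any JDBC error
     * @throws IOException              if the connection settings cannot be read
     * @throws ClassNotFoundException   if the JDBC driver class cannot be loaded
     * @throws InstantiationException   if {@code clazz} has no usable no-arg constructor or it throws
     * @throws IllegalAccessException   if the constructor or a field cannot be accessed
     * @throws IllegalArgumentException if a column label has no matching declared field
     */
    public static <T> T get(String sql, Class<T> clazz, Object... params)
            throws SQLException, IOException, ClassNotFoundException, IllegalAccessException, InstantiationException {
        try (Connection connection = JDBCUtils.getConnection();
             PreparedStatement statement = connection.prepareStatement(sql)) {
            if (params != null) {
                for (int i = 0; i < params.length; i++) {
                    statement.setObject(i + 1, params[i]); // JDBC parameter indexes are 1-based
                }
            }
            try (ResultSet resultSet = statement.executeQuery()) {
                if (!resultSet.next()) {
                    return null;
                }
                return mapRow(resultSet, clazz);
            }
        }
    }

    /** Copies every column of the cursor's current row into a fresh {@code clazz} instance. */
    private static <T> T mapRow(ResultSet resultSet, Class<T> clazz)
            throws SQLException, IllegalAccessException, InstantiationException {
        ResultSetMetaData meta = resultSet.getMetaData();
        int columnCount = meta.getColumnCount();
        T t = newInstance(clazz);
        for (int i = 1; i <= columnCount; i++) {
            String name = meta.getColumnLabel(i);
            Object val = resultSet.getObject(i);
            Field field;
            try {
                field = clazz.getDeclaredField(name);
            } catch (NoSuchFieldException e) {
                // the original printed the stack trace and then hit a NullPointerException on the next line
                throw new IllegalArgumentException(
                        clazz.getName() + " has no field for column '" + name + "'", e);
            }
            field.setAccessible(true);
            field.set(t, val);
        }
        return t;
    }

    /**
     * Replaces the deprecated {@code Class.newInstance()} while keeping the same checked
     * exception types, so existing callers' catch blocks still apply.
     */
    private static <T> T newInstance(Class<T> clazz) throws InstantiationException, IllegalAccessException {
        try {
            return clazz.getDeclaredConstructor().newInstance();
        } catch (NoSuchMethodException | java.lang.reflect.InvocationTargetException e) {
            InstantiationException wrapped =
                    new InstantiationException("cannot instantiate " + clazz.getName() + ": " + e);
            wrapped.initCause(e);
            throw wrapped;
        }
    }
}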
問題: 単体テストでスキャナーを使用すると、コンソールに入力できません
詳しい方がコメントで説明してくださることを願っています。
コードは以下のとおりです。
package JDBCStatement;
import JDBCUtil.JDBCUtils;
import org.junit.Test;
import java.io.IOException;
import java.lang.reflect.Field;
import java.sql.*;
import java.util.Scanner;
/**
* @Author HLY
* @Create 2019-12-17 11:39
*/
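public class StatementTest {
    /**
     * Interactive variant: reads a user name and password from the console, looks the
     * pair up in {@code user_login} and prints the matching row, or a not-found message
     * when no row matches (the original dereferenced a {@code null} result there).
     * <p>
     * JUnit runners typically do not attach {@code System.in} to an interactive console,
     * so {@code input.next()} may block or throw {@code NoSuchElementException} here;
     * {@link #login(String, String)} takes the values as arguments so a test can exercise
     * the lookup without the console.
     */
    @Test
    public void test() {
        System.out.println("请输入用户名:");
        Scanner input = new Scanner(System.in); // deliberately not closed: that would close System.in
        //接受String类型 — read the user name as a String
        String str = input.next();
        System.out.println("请输入密码:");
        String ps = input.next();
        try {
            User user1 = login(str, ps);
            System.out.print(user1 == null ? "用户名或密码错误" : user1.toString());
        } catch (SQLException | IOException | ClassNotFoundException
                | IllegalAccessException | InstantiationException e) {
            e.printStackTrace();
        }
    }

    /**
     * Looks up one {@code user_login} row by user name and password.
     * Both values are bound as {@code ?} parameters instead of being concatenated into the
     * SQL text, so quote characters in the input are sent as data and cannot change the
     * statement's structure.
     *
     * @param user     the login name
     * @param password the password
     * @return the matching row mapped to a {@link User}, or {@code null} if none matches
     */
    public User login(String user, String password)
            throws SQLException, IOException, ClassNotFoundException, IllegalAccessException, InstantiationException {
        String sql = "SELECT user,password FROM user_login WHERE user=? AND PASSWORD=?";
        return get(sql, User.class, user, password);
    }

    /**
     * Runs {@code sql} as a prepared statement with {@code params} bound in order and maps
     * the first row onto a new {@code clazz} instance: each column label is matched to a
     * declared field of the same name and assigned via reflection. All JDBC resources are
     * closed on every path, including when no row is returned or an exception is thrown
     * (the original leaked them in both cases).
     *
     * @param sql    SQL text with one {@code ?} placeholder per value in {@code params}
     * @param clazz  target class; needs a no-arg constructor and one declared field per column label
     * @param params values bound to the placeholders in array order; may be empty
     * @return the mapped first row, or {@code null} if the query returns no rows
     * @throws SQLException             on any JDBC error
     * @throws IOException              if the connection settings cannot be read
     * @throws ClassNotFoundException   if the JDBC driver class cannot be loaded
     * @throws InstantiationException   if {@code clazz} has no usable no-arg constructor or it throws
     * @throws IllegalAccessException   if the constructor or a field cannot be accessed
     * @throws IllegalArgumentException if a column label has no matching declared field
     */
    public <T> T get(String sql, Class<T> clazz, Object... params)
            throws SQLException, IOException, ClassNotFoundException, IllegalAccessException, InstantiationException {
        try (Connection connection = JDBCUtils.getConnection();
             PreparedStatement statement = connection.prepareStatement(sql)) {
            if (params != null) {
                for (int i = 0; i < params.length; i++) {
                    statement.setObject(i + 1, params[i]); // JDBC parameter indexes are 1-based
                }
            }
            try (ResultSet resultSet = statement.executeQuery()) {
                if (!resultSet.next()) {
                    return null;
                }
                return mapRow(resultSet, clazz);
            }
        }
    }

    /** Copies every column of the cursor's current row into a fresh {@code clazz} instance. */
    private static <T> T mapRow(ResultSet resultSet, Class<T> clazz)
            throws SQLException, IllegalAccessException, InstantiationException {
        ResultSetMetaData meta = resultSet.getMetaData();
        int columnCount = meta.getColumnCount();
        T t = newInstance(clazz);
        for (int i = 1; i <= columnCount; i++) {
            String name = meta.getColumnLabel(i);
            Object val = resultSet.getObject(i);
            Field field;
            try {
                field = clazz.getDeclaredField(name);
            } catch (NoSuchFieldException e) {
                // the original printed the stack trace and then hit a NullPointerException on the next line
                throw new IllegalArgumentException(
                        clazz.getName() + " has no field for column '" + name + "'", e);
            }
            field.setAccessible(true);
            field.set(t, val);
        }
        return t;
    }

    /**
     * Replaces the deprecated {@code Class.newInstance()} while keeping the same checked
     * exception types, so existing callers' catch blocks still apply.
     */
    private static <T> T newInstance(Class<T> clazz) throws InstantiationException, IllegalAccessException {
        try {
            return clazz.getDeclaredConstructor().newInstance();
        } catch (NoSuchMethodException | java.lang.reflect.InvocationTargetException e) {
            InstantiationException wrapped =
                    new InstantiationException("cannot instantiate " + clazz.getName() + ": " + e);
            wrapped.initCause(e);
            throw wrapped;
        }
    }
}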