基本介绍:
1.PreparedStatement执行的SQL语句中的参数用问号(?)来表示,调用PreparedStatement对象的setXxx()方法来设置这些参数,setXxx()方法有两个参数,第一个参数是要设置SQL语句中的参数的索引(从1开始),第二个是要设置SQL语句中的参数的值
2.调用executeQuery():返回ResultSet对象
3.调用executeUpdate():执行更新,包括(增、删、改)
预处理好处:1.减少语法错误
2.有效的解决了sql注入问题
3.大大减少了编译次数,效率更高
package chapter01;
//演示PreparedStatement的使用
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.sql.*;
import java.util.Properties;
import java.util.Scanner;
public class PreparedStatement_ {
public static void main(String[] args) throws IOException, ClassNotFoundException, SQLException {
Scanner scanner = new Scanner(System.in);
//让用户输入管理员名和密码
System.out.println("请输入管理员的名字:");
String adminName = scanner.nextLine();//nextLine,next():当接收到空格或'表示结束
System.out.println("请输入管理员的密码:");
String adminPosswd = scanner.nextLine();
//通过Properties对象获取配置文件的信息
Properties properties = new Properties();
properties.load(new FileInputStream("src\mysql.properties"));
//获取相关的值
String user = properties.getProperty("user");
String password = properties.getProperty("password");
String driver = properties.getProperty("driver");
String url = properties.getProperty("url");
//注册驱动
Class> class01 = Class.forName(driver);
//得到连接
Connection connection = DriverManager.getConnection(url, user, password);
//组织SQL,SQL中?相当于占位符
String sql = "select name,posswd from jh_db02 where name =? and posswd = ?";
//得到preparedStatement(preparedStatement对象实现了PreparedStatement接口的实现类的对象)
PreparedStatement preparedStatement = connection.prepareStatement(sql);
//给?赋值
preparedStatement.setString(1,adminName);
preparedStatement.setString(2,adminPosswd);
//执行select语句使用executeQuery,如果执行的是dml(update、insert、delete)使用executeUpdate()
// 执行executeQuery时,不用写sql,因为已经被处理过了
ResultSet resultSet = preparedStatement.executeQuery();
if (resultSet.next()){//如果查询到一条记录,则说明存在
System.out.println("登陆成功...");
}else {
System.out.println("登陆失败...");
}
//关闭连接
resultSet.close();
preparedStatement.close();
connection.close();
}
}
预处理DML
package chapter01;
import java.io.FileInputStream;
import java.io.IOException;
import java.sql.*;
import java.util.Properties;
import java.util.Scanner;
//演示PreparedStatementz中使用DML语句
public class PreparedStatementDML {
public static void main(String[] args) throws IOException, ClassNotFoundException, SQLException {
Scanner scanner = new Scanner(System.in);
//让用户输入管理员名和密码
System.out.println("请输入管理员的名字:");
String adminName = scanner.nextLine();//nextLine,next():当接收到空格或'表示结束
System.out.println("请输入管理员的密码:");
String adminPosswd = scanner.nextLine();
//通过Properties对象获取配置文件的信息
Properties properties = new Properties();
properties.load(new FileInputStream("src\mysql.properties"));
//获取相关的值
String user = properties.getProperty("user");
String password = properties.getProperty("password");
String driver = properties.getProperty("driver");
String url = properties.getProperty("url");
//注册驱动
Class> class01 = Class.forName(driver);
//得到连接
Connection connection = DriverManager.getConnection(url, user, password);
//组织SQL,SQL中?相当于占位符
//添加信息
String sql01 = "insert into jh_db02 values(?,?)";
//修改信息
//String sql02 = "update jh_db02 set posswd = ? where name = ?";
//得到preparedStatement(preparedStatement对象实现了PreparedStatement接口的实现类的对象)
PreparedStatement preparedStatement = connection.prepareStatement(sql01);
//给?赋值
preparedStatement.setString(1,adminName);
preparedStatement.setString(2,adminPosswd);
//执行select语句使用executeQuery,如果执行的是dml(update、insert、delete)使用executeUpdate()
// 执行DML语句时,不用写sql,因为已经被处理过了
int i = preparedStatement.executeUpdate();
System.out.println(i > 0 ? "执行成功" :"执行失败");
//关闭连接
preparedStatement.close();
connection.close();
}
}