PreparedStatmen局处理语句(注入)(获取自增主键)
public class PreparedStatmentDemo { public static void main(String[] args) { try { //var:定义变量 var c =new DbUtil().getConn(); PreparedStatement ps = c.prepareStatement("select *from stu"); ResultSet rs =ps.executeQuery(); while(rs.next()){ System.out.print(rs.getInt("id")); System.out.print(","); System.out.print(rs.getString("name")); System.out.println(rs.getString("score")); //时间 // Date bir = rs.getDate("birth"); // SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); // System.out.println(sdf.format(bir)); } } catch (SQLException throwables) { throwables.printStackTrace(); } } }
链接数据库类
private String driver = "com.mysql.cj.jdbc.Driver"; private String url = "jdbc:mysql:/db1"; private String user = "aa"; private String password = ""; private Connection conn = null;//Connection链接语句 public DbUtil() { try { Class.forName(driver); conn = DriverManager.getConnection(url, user, password); } catch (Exception e) { e.printStackTrace(); } }
插入、删除、修改、查询
public static void main(String[] args) { //数据插入 try { var c =new DbUtil().getConn(); PreparedStatement is = c.prepareStatement("insert into stu3(gender,name,score,birth,dept) values(?,?,?,?,?)"); is.setString(2,"李四"); is.setString(1,"男"); is.setInt(3,85); is.setString(5,"艺术"); //is.setDate(4, java.sql.Date.valueOf(LocalDate.of(1985,10,20))); is.setDate(4, Date.valueOf("1985-10-20"));//生日 // int rows = is.executeUpdate();//执行更新返回int // System.out.println(rows); //数据删除 is = c.prepareStatement("delete from stu where id=?"); is.setInt(1,14); // int ro =is.executeUpdate(); // System.out.println(ro); //修改数据 is =c.prepareStatement("update stu set name=?,score=? where id=?"); is.setString(1,"肉丝");//指定姓名、成绩、id is.setString(2,"99"); is.setInt(3,4); // int ro = is.executeUpdate(); // System.out.println(ro); //数据查询 is = c.prepareStatement("select *from stu3"); ResultSet rs =is.executeQuery();//查询需要添加结果集 while (rs.next()){ System.out.println(rs.getInt("id")); System.out.println(rs.getString("name")); System.out.println(rs.getString("score")); System.out.println(rs.getString("gender")); System.out.println(rs.getString("dept")); System.out.println(rs.getInt("score")); Date bir = rs.getDate("birth"); SimpleDateFormat sd = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); System.out.println(sd.format(bir)); } } catch (SQLException throwables) { throwables.printStackTrace(); } }
正常登陆
public static void main(String[] args) { try { String a="a"; String p="123"; var c= new DbUtil().getConn(); Statement st = c.createStatement(); ResultSet rs = st.executeQuery("select count(*) from muser where account ='"+a+"'and passwd ='"+p+"'"); rs.next(); if (rs.getInt(1)>0){ System.out.println("登陆成功"); }else { System.out.println("失败"); } } catch (SQLException throwables) { throwables.printStackTrace(); } }
注入
public static void main(String[] args) { try { String a="a"; String p="123"; //Sql注入 a=" or 1=1 or 1=1;--"; p="asds"; var c= new DbUtil().getConn(); Statement st = c.createStatement(); System.out.println("select count(*) from muser where account='"+a+"' and passwd='"+p+"'"); ResultSet rs = st.executeQuery("select count(*) from muser where account = '" + a + "' and passwd = '" + p + "'"); rs.next(); if (rs.getInt(1)>0){ System.out.println("登陆成功"); }else { System.out.println("失败"); } } catch (SQLException throwables) { throwables.printStackTrace(); } }
获取自增主键
public static void main(String[] args) { try { var c =new DbUtil().getConn(); Statement st = c.createStatement(); // int i =st.executeUpdate("insert stu values(301,'六级爱国',70)",1);//自定义主键 int i =st.executeUpdate("insert stu(name,score) values ('离墙',100)",1);//自增主键 System.out.println(i); //getGeneratedKeys(获取生成主键) ResultSet rs2 =st.getGeneratedKeys(); if (rs2.next()){//输出获取的主键 System.out.println(rs2.getInt(1)); } } catch (SQLException throwables) { throwables.printStackTrace(); } }
浙公网安备 33010602011771号