浅谈JDBC的使用
好久没有用JDBC了,今天复习了一下数据库常见操作的实现,一开始的时候还因为整出了好几个错误,看来程序一日不写就会手生,所以在这里记录一下今天的复习进度
本次环境,Java 版本是 java version "1.8.0_144" mysql版本是 '5.7.29-log',jdbc驱动包是 mysql-connector-java-8.0.20.jar
CREATE TABLE `student` (\n `id` int(11) DEFAULT NULL,\n `name` varchar(20) DEFAULT NULL\n) ENGINE=InnoDB DEFAULT CHARSET=latin1
下面是具体的代码实现 :
1 public static void test01() 2 { 3 Connection conn = null; 4 Statement stamt = null; 5 try { 6 //获取驱动 7 Class.forName("com.mysql.cj.jdbc.Driver"); 8 //获取连接 9 conn = DriverManager.getConnection("jdbc:mysql://@localhost:3306/jdbcdemo?useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=UTC","root","root"); 10 //获取执行对象 11 stamt = conn.createStatement(); 12 // int count = stamt.executeUpdate("update student set id = 2 "); 13 14 int count = stamt.executeUpdate("insert into student values(3,'ls')"); 15 if(count>0) 16 { 17 System.out.println("更新成功"); 18 } 19 }catch (SQLException e) { 20 // TODO Auto-generated catch block 21 e.printStackTrace(); 22 } catch (ClassNotFoundException e) { 23 // TODO Auto-generated catch block 24 e.printStackTrace(); 25 } finally { 26 try { 27 if(stamt!=null)stamt.close(); 28 if(conn!=null)conn.close(); 29 } catch (SQLException e) { 30 // TODO Auto-generated catch block 31 e.printStackTrace(); 32 } 33 } 34 }
普通更新
1 public static void test02() 2 { 3 4 Connection conn = null; 5 Statement stamt = null; 6 ResultSet rs = null; 7 try { 8 //获取驱动 9 Class.forName("com.mysql.cj.jdbc.Driver"); 10 //获取连接 11 conn = DriverManager.getConnection("jdbc:mysql://@localhost:3306/jdbcdemo?useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=UTC","root","root"); 12 //获取执行对象 13 stamt = conn.createStatement(); 14 // int count = stamt.executeUpdate("update student set id = 2 "); 15 16 // int count = stamt.executeUpdate("insert into student values(3,'ls')"); 17 18 rs = stamt.executeQuery("select * from student"); 19 while(rs.next()) 20 { 21 System.out.println(rs.getInt("id")+"---"+rs.getString("name")); 22 } 23 24 25 }catch (SQLException e) { 26 // TODO Auto-generated catch block 27 e.printStackTrace(); 28 } catch (ClassNotFoundException e) { 29 // TODO Auto-generated catch block 30 e.printStackTrace(); 31 } finally { 32 try { 33 if(rs!=null)rs.close(); 34 if(stamt!=null)stamt.close(); 35 if(conn!=null)conn.close(); 36 } catch (SQLException e) { 37 // TODO Auto-generated catch block 38 e.printStackTrace(); 39 } 40 } 41 }
普通查找
下面是对存储过程的调用
存储过程如下:
1 CREATE PROCEDURE `addnum`(in num1 int, in num2 int, out num3 int)\nbegin\n set num3 = num1+num2 ;\n \nend'
调用程序如下:
1 public static void test03() { 2 Connection conn = null; 3 CallableStatement cstamt = null; 4 ResultSet rs = null; 5 try { 6 //获取驱动 7 Class.forName("com.mysql.cj.jdbc.Driver"); 8 //获取连接 9 conn = DriverManager.getConnection("jdbc:mysql://@localhost:3306/jdbcdemo?useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=UTC","root","root"); 10 //获取执行对象 11 // stamt = conn.createStatement(); 12 // int count = stamt.executeUpdate("update student set id = 2 "); 13 14 // int count = stamt.executeUpdate("insert into student values(3,'ls')"); 15 16 // rs = stamt.executeQuery("select * from student"); 17 // while(rs.next()) 18 // { 19 // System.out.println(rs.getInt("id")+"---"+rs.getString("name")); 20 // } 21 // 22 cstamt = conn.prepareCall("{ call addnum(?,?,?)}"); 23 cstamt.setInt(1, 10); 24 cstamt.setInt(2, 50); 25 cstamt.registerOutParameter(3, Types.INTEGER); 26 cstamt.execute(); 27 System.out.println(cstamt.getInt(3)); 28 29 }catch (SQLException e) { 30 // TODO Auto-generated catch block 31 e.printStackTrace(); 32 } catch (ClassNotFoundException e) { 33 // TODO Auto-generated catch block 34 e.printStackTrace(); 35 } finally { 36 try { 37 if(rs!=null)rs.close(); 38 if(cstamt!=null)cstamt.close(); 39 if(conn!=null)conn.close(); 40 } catch (SQLException e) { 41 // TODO Auto-generated catch block 42 e.printStackTrace(); 43 } 44 } 45 46 }
下面是对自定义函数的调用
函数如下:
1 CREATE DEFINER=`root`@`localhost` FUNCTION `addnum`(a int, b int ) RETURNS int(11)\nbegin\n \n return a+b;\nend
调用过程如下:
该调用过程比较类似于对查询语句的调用,对返回的结果进行遍历
1 public static void test04() 2 { 3 Connection conn = null; 4 CallableStatement cstamt = null; 5 ResultSet rs = null; 6 try { 7 //获取驱动 8 Class.forName("com.mysql.cj.jdbc.Driver"); 9 //获取连接 10 conn = DriverManager.getConnection("jdbc:mysql://@localhost:3306/jdbcdemo?useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=UTC","root","root"); 11 //获取执行对象 12 // stamt = conn.createStatement(); 13 // int count = stamt.executeUpdate("update student set id = 2 "); 14 15 // int count = stamt.executeUpdate("insert into student values(3,'ls')"); 16 17 // rs = stamt.executeQuery("select * from student"); 18 // while(rs.next()) 19 // { 20 // System.out.println(rs.getInt("id")+"---"+rs.getString("name")); 21 // } 22 // 23 cstamt = conn.prepareCall("select addnum(?,?)"); 24 cstamt.setInt(1, 10); 25 cstamt.setInt(2, 20); 26 27 rs = cstamt.executeQuery(); 28 while(rs.next()) 29 { 30 System.out.println(rs.getInt(1)); 31 } 32 33 34 }catch (SQLException e) { 35 // TODO Auto-generated catch block 36 e.printStackTrace(); 37 } catch (ClassNotFoundException e) { 38 // TODO Auto-generated catch block 39 e.printStackTrace(); 40 } finally { 41 try { 42 if(rs!=null)rs.close(); 43 if(cstamt!=null)cstamt.close(); 44 if(conn!=null)conn.close(); 45 } catch (SQLException e) { 46 // TODO Auto-generated catch block 47 e.printStackTrace(); 48 } 49 } 50 51 }
本次过程我并没有使用PreparedStatement 对象,主要是因为这个使用方式与上述调用自定义函数时的
CallableStatement 对象很像 ,所以就没有单独再写一次。
最后提下注入攻击, 大家可以尝试在使用 Statement 对象,在字符串拼接时,如果参数是 “ 1 or 1=1 -- ”会造成的效果,当时这只是一种方式。大家可以再研究
浙公网安备 33010602011771号