第一天:java與mysql的鏈接工具類

第一天:java與mysql的鏈接工具類

java最新版立刻就要收費,這無疑是這門語言的衰敗起始,畢竟在中國收費便難發展,例如c#,可是畢業設計已經選好用java來寫一個動態網站,

這已是一個事實,仍是得學,好在一法通萬法通,不至於一無所得。

首先咱們要把鏈接數據庫的工具類寫好,這裏面無非就那麼幾個固定的對象、語句。

第一步,咱們須要導包,進入maven選擇一個版本下載就是(建議選仍在維護的較新版本,過舊的驅動可能帶有已公開的安全漏洞),網址是https://mvnrepository.com/artifact/mysql/mysql-connector-java

而後把jar包複製到java動態網站下的lib文件夾裏就是了,位置在/項目名/WebContent/WEB-INF/lib/mysql-connector-java-5.1.24-bin.jar

接下來就能夠寫鏈接類了,來個最簡單的:

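/**
 * Minimal JDBC demo against a local MySQL database: {@link #update()} inserts one row into the
 * {@code user} table and {@link #query()} prints every row of it.
 *
 * <p>Review notes:
 * <ul>
 *   <li>{@link #USER} and {@link #PWD} are hard-coded demo values. Connecting as {@code root}
 *       with a guessable password is only acceptable on a throwaway local database; deployed
 *       code should use a dedicated least-privilege account whose credentials are loaded from
 *       configuration that is kept out of source control.</li>
 *   <li>Connection, PreparedStatement and ResultSet are opened in try-with-resources so each
 *       one is closed on every path. The earlier version closed the unused {@code stmt}
 *       variable and never closed the PreparedStatement it actually created.</li>
 *   <li>{@code com.mysql.jdbc.Driver} is the driver class of the Connector/J 5.1 jar the page
 *       installs.</li>
 * </ul>
 */
public class Jdbc {
    public static final String URL = "jdbc:mysql://localhost:3306/test";
    public static final String USER = "root";
    public static final String PWD = "123456";

    public static void main(String[] args) {
        // update();  // uncomment to insert the sample row before listing the table
        query();
    }

    /**
     * Inserts the sample row (3, "gg", 22) into {@code user} and reports success on stdout.
     *
     * <p>The values are bound through {@code ?} placeholders rather than concatenated into the
     * SQL text, so they are always treated as data. Errors are printed, not rethrown.
     */
    public static void update() {
        String sql = "insert into user values(?,?,?) ";
        try {
            // Load the driver class.
            Class.forName("com.mysql.jdbc.Driver");
            // Open the connection and prepare the statement; both are closed automatically.
            try (Connection conn = DriverManager.getConnection(URL, USER, PWD);
                 PreparedStatement pstmt = conn.prepareStatement(sql)) {
                pstmt.setInt(1, 3);
                pstmt.setString(2, "gg");
                pstmt.setInt(3, 22);
                int count = pstmt.executeUpdate();
                if (count > 0) {
                    System.out.println("操做成功!");
                }
            }
        } catch (ClassNotFoundException | SQLException e) {
            e.printStackTrace();
        }
    }

    /**
     * Prints every row of {@code user} as {@code id--uname--upwd}. Errors are printed, not
     * rethrown.
     */
    public static void query() {
        String sql = "select * from user";
        try {
            // Load the driver class.
            Class.forName("com.mysql.jdbc.Driver");
            // Resources are closed in reverse order: result set, statement, connection.
            try (Connection conn = DriverManager.getConnection(URL, USER, PWD);
                 PreparedStatement pstmt = conn.prepareStatement(sql);
                 ResultSet rs = pstmt.executeQuery()) {
                while (rs.next()) {
                    int id = rs.getInt("id");
                    String name = rs.getString("uname");
                    String pwd = rs.getString("upwd");
                    // NOTE(review): this prints the upwd column verbatim. Acceptable for a
                    // local demo only; real code should not log credentials, and the column
                    // should hold a password hash rather than the password itself.
                    System.out.println(id + "--" + name + "--" + pwd);
                }
            }
        } catch (ClassNotFoundException | SQLException e) {
            e.printStackTrace();
        }
    }
}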

基本上鏈接類中用到的就Connection、Statement、PreparedStatement、ResultSet四個對象,其中PreparedStatement是Statement的子類,功能更多更好,

推薦優先使用PreparedStatement,理由以下:

1.編碼更加簡便(避免了字符串的拼接)

// Sample values shared by the two variants below.
String name = "zs" ;
int age = 23 ;

// Variant 1, Statement: the values are spliced into the SQL text by string concatenation.
// Besides being harder to read, this is the form that becomes injectable once name or age
// comes from user input (see point 3 of this page).
// NOTE(review): the column list is (stuno,stuname) but the values are name then age; the
// columns and values do not appear to line up -- confirm against the table definition.
stmt:
String sql =" insert into student(stuno,stuname) values('"+name+"',  "+age+" )    " ;
stmt.executeUpdate(sql);

// Variant 2, PreparedStatement: the SQL text is fixed and contains only ? placeholders;
// each value is supplied separately through a typed setter.
pstmt:
String sql =" insert into student(stuno,stuname) values(?,?) " ;
pstmt = connection.prepareStatement(sql);// precompile the SQL
pstmt.setString(1,name);
pstmt.setInt(2,age);

2.提升性能(由於 有預編譯操做,預編譯只須要執行一次)

須要重複增長100條數 
// Statement variant: the complete SQL string is passed to executeUpdate(sql) on every
// iteration. "for(100)" is shorthand for "repeat 100 times", not valid Java.
stmt:
String sql =" insert into student(stuno,stuname) values('"+name+"',  "+age+" )    " ;
for(100)
stmt.executeUpdate(sql);

// PreparedStatement variant: prepareStatement(sql) is called once before the loop and only
// executeUpdate() is repeated. As written the same two values are inserted each time; a
// real loop would call the setters again inside it.
pstmt:
String sql =" insert into student(stuno,stuname) values(?,?) " ;
pstmt = connection.prepareStatement(sql);// precompile the SQL
pstmt.setString(1,name);
pstmt.setInt(2,age);
for( 100){
pstmt.executeUpdate();
}

3.安全(能夠有效防止sql注入),何爲sql注入,就是--將客戶輸入的內容  和 開發人員的SQL語句 混爲一體

stmt:存在被sql注入的風險  

(例如輸入  用戶名:任意值 ' or 1=1 --

  密碼:任意值)

分析:

當源代碼像select count(*) from login where uname='"+name+"' and upwd ='"+pwd+"' 

用戶有心搗亂就能夠進行sql注入,輸入惡意用戶名就變成了如下後果:

select count(*) from login where uname='任意值 ' or 1=1 --' and upwd ='任意值'  ;//--是sql中的註釋,後面語句被註釋了

select count(*) from login where uname='任意值 ' or 1=1 ;//結果就變成了這樣,由於 or 1=1 恆爲真,where條件對每一行都成立

select count(*) from login ;//也就是等價於這條語句:不論用戶名、密碼是否正確,count都大於0,登錄校驗形同虛設

pstmt:有效防止sql注入,推薦使用pstmt(前提是用戶輸入一律經由 ? 佔位符和setXxx方法綁定;若是仍把輸入拼接進傳給prepareStatement的SQL字符串,注入風險依然存在)

除了以上直接輸入鏈接信息外還能夠寫在一個/項目名/src/a.properties文件,再從a.properties取出來用,代碼以下:

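// Connection settings, filled in once by the static initializer below from /a.properties on
// the classpath. They remain null if the file is missing or cannot be read.
//
// NOTE(review): a.properties holds the database password in clear text and, because it lives
// under src/, is packaged with the application. Keep real credentials out of version control
// and restrict who can read the deployed file.
private static String url = null;
private static String user = null;
private static String password = null;
private static String dv = null;

static {
    Properties prop = new Properties();
    // try-with-resources closes the stream on every path; the earlier version never closed it.
    try (InputStream in = JdbcUtils.class.getResourceAsStream("/a.properties")) {
        if (in == null) {
            // getResourceAsStream returns null when the resource is absent; say so explicitly
            // instead of letting prop.load(null) fail with a bare NullPointerException.
            throw new IllegalStateException("/a.properties not found on the classpath");
        }
        prop.load(in);
        url = prop.getProperty("url");
        user = prop.getProperty("user");
        password = prop.getProperty("password");
        dv = prop.getProperty("driver");

        // Load the driver class named in the properties file.
        Class.forName(dv);
    } catch (Exception e) {
        // Best effort, as before: report the problem and leave the unset fields null.
        e.printStackTrace();
    }
}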

a.properties文件語句以下(這裏的root與123456只是本地演示用的示例值;實際部署時應改用權限最小的專用帳號和強密碼,並且不要把含有真實密碼的文件提交到版本庫):

url:jdbc:mysql://localhost:3306/diary?characterEncoding=utf8
user:root
password:123456
driver:com.mysql.jdbc.Driver

上面只是最簡單的也是最原始的鏈接工具類,再來個比較高級通用的:

package jdbc.util; import java.sql.DriverManager; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; import java.sql.Connection; //須要WebContent/WEB-INF/lib/mysql-connector-java-5.1.24-bin.jar
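/**
 * General-purpose JDBC helper: one method for INSERT/UPDATE/DELETE and one for SELECT, each
 * taking SQL text with {@code ?} placeholders plus the values to bind to them.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The {@code sql} argument must be a fixed string written by the developer. Only values
 *       passed through {@code params} are bound as data; anything concatenated into
 *       {@code sql} by the caller is still open to SQL injection.</li>
 *   <li>{@link #USER}/{@link #PWD} are hard-coded demo values ({@code root} with a guessable
 *       password). Deployed code should use a least-privilege account and load its credentials
 *       from configuration kept out of source control.</li>
 *   <li>{@link #pstmt}, {@link #connection} and {@link #rs} are shared static fields. In a web
 *       application concurrent requests overwrite each other's handles, so they are only
 *       reliable for single-threaded use.</li>
 * </ul>
 */
public class JdbcUtil {
    public static final String URL = "jdbc:mysql://localhost:3306/test";
    public static final String USER = "root";
    public static final String PWD = "123456";

    // Handles of the most recent createPreParedStatement()/executeQuery() call, exposed so the
    // caller can hand them to closeAll() once it has finished reading the result set.
    public static PreparedStatement pstmt = null;
    public static Connection connection = null;
    public static ResultSet rs = null;

    /**
     * Generic insert/delete/update.
     *
     * @param sql statement text with {@code ?} placeholders
     * @param params values for the placeholders in order; {@code null} means none
     * @return {@code true} if at least one row was affected, {@code false} if none was or if
     *     any error occurred (the error is printed)
     */
    public static boolean executeUpdate(String sql, Object[] params) {
        // Local handles: nothing outlives this call, so the shared static fields are not
        // involved and the connection is always released in the finally block.
        Connection conn = null;
        PreparedStatement ps = null;
        try {
            conn = getConnection();
            ps = conn.prepareStatement(sql);
            bindParams(ps, params);
            return ps.executeUpdate() > 0;
        } catch (Exception e) {
            // Boundary method: every failure is reported as false, as before.
            e.printStackTrace();
            return false;
        } finally {
            closeAll(null, ps, conn);
        }
    }

    /**
     * Generic query.
     *
     * <p>The returned result set is still attached to an open statement and connection, which
     * are recorded in {@link #pstmt} and {@link #connection}. The caller must release them
     * with {@code closeAll(rs, JdbcUtil.pstmt, JdbcUtil.connection)} when done.
     *
     * @param sql statement text with {@code ?} placeholders
     * @param params values for the placeholders in order; {@code null} means none
     * @return the open result set, or {@code null} if any error occurred (the error is printed)
     */
    public static ResultSet executeQuery(String sql, Object[] params) {
        PreparedStatement ps = null;
        try {
            ps = createPreParedStatement(sql, params);
            rs = ps.executeQuery();
            return rs;
        } catch (Exception e) {
            e.printStackTrace();
            if (ps != null) {
                // The statement was created but the query failed: nothing is returned to the
                // caller, so release the statement and its connection here.
                closeAll(null, ps, connection);
            }
            return null;
        }
    }

    /** Loads the driver class and opens a new connection with the configured settings. */
    public static Connection getConnection() throws ClassNotFoundException, SQLException {
        Class.forName("com.mysql.jdbc.Driver");
        return DriverManager.getConnection(URL, USER, PWD);
    }

    /**
     * Opens a connection, prepares {@code sql} on it and binds {@code params}.
     *
     * <p>On success the connection and statement are stored in {@link #connection} and
     * {@link #pstmt}. Previously the connection was never stored, so {@code closeAll} had
     * nothing to close and every call leaked a connection.
     *
     * @param params values for the placeholders in order; {@code null} means none
     */
    public static PreparedStatement createPreParedStatement(String sql, Object[] params)
            throws ClassNotFoundException, SQLException {
        Connection conn = getConnection();
        PreparedStatement ps = null;
        try {
            ps = conn.prepareStatement(sql);
            bindParams(ps, params);
        } catch (SQLException | RuntimeException e) {
            // Do not leave a half-initialised connection open when preparing or binding fails.
            closeAll(null, ps, conn);
            throw e;
        }
        connection = conn;
        pstmt = ps;
        return ps;
    }

    /**
     * Closes the given handles in the order result set, statement, connection. Each argument
     * may be {@code null}; a failure to close one is printed and does not stop the others.
     */
    public static void closeAll(ResultSet rs, Statement stmt, Connection connection) {
        closeQuietly(rs);
        // Close the statement that was passed in; the earlier version ignored this parameter
        // and closed the static pstmt field instead.
        closeQuietly(stmt);
        closeQuietly(connection);
    }

    /** Binds each value in order to its placeholder, like {@code pstmt.setInt(1, id)}. */
    private static void bindParams(PreparedStatement ps, Object[] params) throws SQLException {
        if (params == null) {
            return;
        }
        for (int i = 0; i < params.length; i++) {
            ps.setObject(i + 1, params[i]);
        }
    }

    /** Closes one resource if present, printing rather than propagating any failure. */
    private static void closeQuietly(AutoCloseable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}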