Cohort 69 - Java SE - 038_JDBC-2


### JDBC

DriverManager -> Connection -> Statement -> ResultSet

1. Load the database driver; it is the bridge between the Java application and the database.

2. Obtain a Connection, i.e. one session with the database.

3. A Statement is created from the Connection and executes SQL statements.

4. For a query, the ResultSet holds the results produced by executing the Statement; for insert, update and delete operations an int is returned directly.



### PreparedStatement

A sub-interface of Statement that adds support for SQL placeholders.

```sql
select * from user where id = 1;
select * from user where id = ?;
```

It exists to solve the problems caused by building SQL statements dynamically by string concatenation. The drawbacks of manual concatenation:

- Tedious and error-prone
- Risk of SQL injection

SQL injection: exploiting a system that does not adequately validate user input by embedding illegal SQL statements in the input data, so that the system's own SQL engine carries out malicious operations.



Using the placeholder feature of PreparedStatement simplifies writing SQL, improves efficiency and reduces the chance of mistakes, and at the same time effectively prevents SQL injection.



How PreparedStatement prevents SQL injection:

The SQL statement is precompiled before the program runs it: before the database is operated on, the statement has already been compiled and optimized by the database engine. When the dynamic parameters are later passed to the PreparedStatement, the database treats each parameter value as data. If a value contains `' or 1=1`, the entire value is compared as the field's value instead of being evaluated as a logical expression.
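The two code paths side by side, as an added example that is not part of the original notes: `buildConcatenatedSql` only builds (and never executes) the text a Statement-based login would send, so the effect of the notes' `dsaf' or '1'='1` input on the WHERE clause can be seen without touching a database, while `loginSafely` binds the same input through a PreparedStatement with try-with-resources. The JDBC URL, credentials and the `t_user` table are taken from the notes' own JDBCTools setup; the class and method names are my own.

```java
package com.southwind.test;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginCompare {
    // Same connection settings as the notes' JDBCTools; adjust for your environment.
    private static final String URL =
            "jdbc:mysql://localhost:3306/mbtest?useUnicode=true&characterEncoding=UTF-8";
    private static final String USER = "root";
    private static final String PASSWORD = "root";

    /**
     * Builds, but never executes, the text a Statement-based login would send.
     * Shown only so the reader can see how a quote inside the input changes the
     * meaning of the WHERE clause.
     */
    static String buildConcatenatedSql(String username, String password) {
        return "select * from t_user where username = '" + username
                + "' and password = '" + password + "'";
    }

    /**
     * Safe variant: the SQL text is fixed when the statement is prepared and the
     * inputs are bound as parameters, so a quote inside them is just a character
     * of the value. Only the existence of a matching row is needed, so the query
     * selects a constant instead of every column.
     */
    static boolean loginSafely(String username, String password) throws SQLException {
        String sql = "select 1 from t_user where username = ? and password = ? limit 1";
        try (Connection connection = DriverManager.getConnection(URL, USER, PASSWORD);
             PreparedStatement ps = connection.prepareStatement(sql)) {
            ps.setString(1, username);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        String crafted = "dsaf' or '1'='1";   // the input used in the notes' Test.java
        // Concatenated, the text reads: ... username = 'dsaf' or '1'='1' and password = ...
        System.out.println(buildConcatenatedSql(crafted, crafted));
        // Bound as a parameter, the same text only matches a user literally named dsaf' or '1'='1
        System.out.println(loginSafely(crafted, crafted));
        System.out.println(loginSafely("zhangsan", "123"));
    }
}
```

Compile it against the MySQL Connector/J driver already used by the notes. The first call prints the tautology the vulnerable `login` would have executed; the second returns false unless a row with that exact username and password exists, which is the behaviour the paragraph above describes.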



### Storing images in the database

Principle: convert the image to a binary stream and save that stream in the database; the column that stores the image must have a binary data type.

MySQL has four binary data types (they differ only in the maximum amount of data they can hold):

- blob: up to 65 KB
- tinyblob: up to 255 KB (255*1024 bytes)
- mediumblob: up to 16 MB
- longblob: up to 4 GB

1. Add a column of type mediumblob to the table.

2. Insert the image data from the Java program through JDBC:
    - convert the image to a binary stream;
    - pass the data in by calling setBlob().

Saving the image to the database.

```java
package com.southwind.test;

import com.southwind.utils.JDBCTools;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class BlobTest {
    public static void main(String[] args) {
        Connection connection = JDBCTools.getConnection();
        PreparedStatement preparedStatement = null;
        InputStream inputStream = null;
        try {
            // Open the image file as a binary stream.
            inputStream = new FileInputStream("1.png");
            System.out.println(inputStream.available());
            String sql = "insert into t_user(username,password,age,file) values(?,?,?,?)";
            preparedStatement = connection.prepareStatement(sql);
            preparedStatement.setString(1,"圖片");
            preparedStatement.setString(2,"000");
            preparedStatement.setInt(3,18);
            // The stream is bound to the mediumblob column and written on executeUpdate().
            preparedStatement.setBlob(4,inputStream);
            preparedStatement.executeUpdate();
        } catch (FileNotFoundException e) {
            e.printStackTrace();
        } catch (IOException e){
            e.printStackTrace();
        } catch (SQLException e){
            e.printStackTrace();
        }finally {
            JDBCTools.release(connection,preparedStatement,null);
            // The file stream is not closed by JDBC; close it here (it is null if the file was not found).
            if(inputStream!=null){
                try {
                    inputStream.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
    }
}
```

Reading the image back from the database.

```java
package com.southwind.test;

import com.southwind.utils.JDBCTools;

import java.io.*;
import java.sql.*;

public class ReadImg {
    public static void main(String[] args) {
        Connection connection = JDBCTools.getConnection();
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        InputStream inputStream = null;
        OutputStream outputStream = null;
        try {
            String sql = "select * from t_user where id = ?";
            preparedStatement = connection.prepareStatement(sql);
            preparedStatement.setInt(1,30);
            resultSet = preparedStatement.executeQuery();
            if(resultSet.next()){
                int id = resultSet.getInt(1);
                String username = resultSet.getString(2);
                String password = resultSet.getString(3);
                int age = resultSet.getInt(4);
                Blob file = resultSet.getBlob(5);
                System.out.println(id);
                System.out.println(username);
                System.out.println(password);
                System.out.println(age);
                System.out.println(file);
                // The column may be NULL for rows that were inserted without an image.
                if(file!=null){
                    // Read the blob back as a binary stream and copy it byte by byte into a file.
                    inputStream = file.getBinaryStream();
                    outputStream = new FileOutputStream("3.jpg");
                    int temp = 0;
                    while((temp = inputStream.read())!=-1){
                        outputStream.write(temp);
                    }
                }
            }
        } catch (SQLException e) {
            e.printStackTrace();
        } catch (FileNotFoundException e){
            e.printStackTrace();
        } catch (IOException e){
            e.printStackTrace();
        } finally {
            JDBCTools.release(connection,preparedStatement,resultSet);
            // Both streams are still null if an exception occurred before they were opened.
            try {
                if(inputStream!=null){
                    inputStream.close();
                }
                if(outputStream!=null){
                    outputStream.close();
                }
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
}
```
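A hardened version of the write and read steps above, as an added example that is not part of the original notes: it checks the file size against the mediumblob limit before inserting (the column type chosen in the steps above), streams the image with the length-aware `setBinaryStream`, selects only the `file` column on the way back, and copies it out with a buffered `Files.copy` instead of a one-byte loop; all resources are closed by try-with-resources. The JDBC URL, credentials and the `t_user` table come from the notes' JDBCTools; the class and method names and the use of generated keys are my own assumptions.

```java
package com.southwind.test;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class ImageStore {
    // Same connection settings as the notes' JDBCTools; adjust for your environment.
    private static final String URL =
            "jdbc:mysql://localhost:3306/mbtest?useUnicode=true&characterEncoding=UTF-8";
    private static final String USER = "root";
    private static final String PASSWORD = "root";

    // Upper bound of a MySQL mediumblob column (2^24 - 1 bytes), the type used in the notes.
    static final long MEDIUMBLOB_MAX = 16L * 1024 * 1024 - 1;

    /** Stores the image file in t_user.file and returns the generated row id. */
    static int saveImage(Path image, String username, String password, int age)
            throws IOException, SQLException {
        long size = Files.size(image);
        if (size > MEDIUMBLOB_MAX) {
            // Reject up front; otherwise MySQL truncates or rejects the row depending on sql_mode.
            throw new IllegalArgumentException("file exceeds mediumblob limit: " + size + " bytes");
        }
        String sql = "insert into t_user(username,password,age,file) values(?,?,?,?)";
        try (Connection connection = DriverManager.getConnection(URL, USER, PASSWORD);
             PreparedStatement ps = connection.prepareStatement(sql, Statement.RETURN_GENERATED_KEYS);
             InputStream in = Files.newInputStream(image)) {
            ps.setString(1, username);
            ps.setString(2, password);
            ps.setInt(3, age);
            // Length-aware variant of setBlob: the driver streams exactly `size` bytes.
            ps.setBinaryStream(4, in, size);
            ps.executeUpdate();
            try (ResultSet keys = ps.getGeneratedKeys()) {
                if (!keys.next()) {
                    throw new SQLException("no generated key returned");
                }
                return keys.getInt(1);
            }
        }
    }

    /**
     * Copies the stored image of the given row to `target`. Returns the number of
     * bytes written, 0 when the column is NULL, or -1 when no such row exists.
     */
    static long loadImage(int id, Path target) throws IOException, SQLException {
        // Select only the column that is needed instead of `select *`.
        String sql = "select file from t_user where id = ?";
        try (Connection connection = DriverManager.getConnection(URL, USER, PASSWORD);
             PreparedStatement ps = connection.prepareStatement(sql)) {
            ps.setInt(1, id);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return -1;
                }
                InputStream in = rs.getBinaryStream(1);
                if (in == null) {
                    return 0;
                }
                // Buffered copy while the connection is still open.
                try (InputStream blob = in) {
                    return Files.copy(blob, target, StandardCopyOption.REPLACE_EXISTING);
                }
            }
        }
    }

    public static void main(String[] args) throws IOException, SQLException {
        int id = saveImage(Paths.get("1.png"), "image", "000", 18);
        System.out.println("stored row id " + id);
        System.out.println("wrote " + loadImage(id, Paths.get("2.png")) + " bytes");
    }
}
```

The size check matters because a value larger than the column allows is silently truncated under a permissive `sql_mode` and only rejected under strict mode, so an application that does not check gets a corrupt image rather than an error. Reading the blob must finish before the connection is closed, which is why the copy happens inside the innermost try block.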


Test.java

```java
package com.southwind.test;

import com.southwind.utils.JDBCTools;

import java.sql.*;

public class Test {
    public static void main(String[] args) {
        // Concatenated SQL: the crafted input turns the WHERE clause into a tautology.
        System.out.println(login("dsaf' or '1'='1","asdf' or '1'='1"));
        // PreparedStatement: the inputs are bound as values and compared literally.
        System.out.println(login2("zhangsan","123"));
    }

    // Vulnerable version, kept as in the notes: user input is spliced into the SQL text.
    public static boolean login(String username,String password){
        Connection connection = null;
        Statement statement = null;
        ResultSet resultSet = null;
        boolean flag = false;
        try {
            connection = JDBCTools.getConnection();
            String sql = "select * from t_user where username = '"+username+"' and password = '"+password+"'";
            statement = connection.createStatement();
            resultSet = statement.executeQuery(sql);
            if(resultSet.next()){
                flag = true;
            }
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            JDBCTools.release(connection,statement,resultSet);
        }
        return flag;
    }

    // Safe version: the SQL text is fixed and the inputs are passed as parameters.
    public static boolean login2(String username,String password){
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        boolean flag = false;
        try {
            connection = JDBCTools.getConnection();
            String sql = "select * from t_user where username = ? and password = ?";
            System.out.println(sql);
            preparedStatement = connection.prepareStatement(sql);
            preparedStatement.setString(1,username);
            preparedStatement.setString(2,password);
            resultSet = preparedStatement.executeQuery();
            if(resultSet.next()){
                flag = true;
            }
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            JDBCTools.release(connection,preparedStatement,resultSet);
        }
        return flag;
    }

}
```

JDBCTools.java

```java
package com.southwind.utils;

import java.sql.*;

public class JDBCTools {
    // Connection settings are hard-coded for the lesson; in a real deployment they
    // belong in configuration, not in source code.
    private static String url = "jdbc:mysql://localhost:3306/mbtest?useUnicode=true&characterEncoding=UTF-8";
    private static String user = "root";
    private static String password = "root";
    private static String driverName = "com.mysql.cj.jdbc.Driver";

    static{
        try {
            // Load the driver class once when the utility class is initialized.
            Class.forName(driverName);
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        }
    }

    public static Connection getConnection(){
        Connection connection = null;
        try {
            connection = DriverManager.getConnection(url,user,password);
        } catch (SQLException e) {
            e.printStackTrace();
        }
        return connection;
    }

    // Close in the reverse order of creation (ResultSet, Statement, Connection), each
    // in its own try block so that a failure on one does not skip the others.
    public static void release(Connection connection, Statement statement, ResultSet resultSet){
        try {
            if(resultSet!=null){
                resultSet.close();
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
        try {
            if(statement!=null){
                statement.close();
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
        try {
            if(connection!=null){
                connection.close();
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
}
```