JDBC 的 PreparedStatement 與 Statement

 1 import java.sql.Connection;
 2 import java.sql.DriverManager;
 3 import java.sql.PreparedStatement;
 4 import java.sql.ResultSet;
 5 import java.sql.Statement;
 6 import java.util.Date;
 7 
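 /**
  * JDBC walkthrough contrasting {@link Statement} with {@link PreparedStatement} against a local
  * MySQL {@code test} database containing a {@code dept} table with {@code deptno} and
  * {@code deptname} columns.
  *
  * <p>Every JDBC resource is opened in try-with-resources. The earlier {@code finally} blocks
  * called {@code close()} on references that were still {@code null} when the connection or the
  * statement failed, so the real {@code SQLException} was replaced by a
  * {@code NullPointerException} and any already-open handle leaked.
  */
 public class StatmentExample {

     // Legacy Connector/J driver class name, kept so the example still loads with the driver
     // version it was written for.
     private static final String DRIVER = "com.mysql.jdbc.Driver";

     // Parameters are separated by a single '&' (the listing previously had a stray "&&").
     private static final String URL =
             "jdbc:mysql://localhost/test?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true";

     // Demo-only credentials for a throwaway local database. Real code should not embed a
     // password in source or connect as root: load the secret from external configuration and
     // use an account limited to the tables and operations the application needs.
     private static final String USER = "root";
     private static final String PASSWORD = "123456";

     public static void main(String[] args) throws Exception {
         mysqlConnection3();
     }

     /** Loads the driver class and opens a connection with the demo settings above. */
     private static Connection openConnection() throws Exception {
         Class.forName(DRIVER);
         return DriverManager.getConnection(URL, USER, PASSWORD);
     }

     /**
      * Inserts one row with a plain {@link Statement} and prints the auto-increment id that MySQL
      * generated for it.
      *
      * <p>A plain {@code Statement} is acceptable here only because the SQL text is a compile-time
      * constant; nothing supplied by a caller or user is concatenated into it.
      *
      * @throws Exception if the driver cannot be loaded or any JDBC call fails
      */
     public static void mysqlConnection1() throws Exception {
         try (Connection conn = openConnection();
                 Statement stmt = conn.createStatement()) {
             stmt.executeUpdate(
                     "insert into dept (deptname) values ('市場部')", Statement.RETURN_GENERATED_KEYS);
             // getGeneratedKeys() returns the auto-increment value(s) created by the insert.
             try (ResultSet rs = stmt.getGeneratedKeys()) {
                 if (rs.next()) {
                     System.out.println(rs.getInt(1));
                 }
             }
         }
     }

     /**
      * Queries one department by id with a {@link PreparedStatement} and prints each row.
      *
      * <p>Prefer {@code PreparedStatement} over {@code Statement} whenever a value is not a
      * constant:
      * <ol>
      *   <li>It costs a few more lines, but the SQL stays readable and maintainable.</li>
      *   <li>It prevents SQL injection for bound values: whatever is set on a {@code ?}
      *       placeholder is handled as data and never parsed as SQL syntax, so an input such as
      *       {@code w' or '1' = '1} is compared as one literal string. Placeholders cannot stand
      *       in for identifiers (table or column names, sort direction); those still need an
      *       allow-list if they vary.</li>
      *   <li>A prepared statement can be reused across executions. Whether MySQL Connector/J
      *       prepares it on the server and caches it depends on driver settings such as
      *       {@code useServerPrepStmts} and {@code cachePrepStmts}, so treat the performance gain
      *       as a possible bonus rather than a guarantee.</li>
      * </ol>
      *
      * @throws Exception if the driver cannot be loaded or any JDBC call fails
      */
     public static void mysqlConnection2() throws Exception {
         // The dept table has the columns deptno and deptname.
         String sql2 = "select deptno,deptname from dept where deptno = ? ";
         // The result set and the statement are closed explicitly (in reverse order of opening)
         // instead of relying on Connection.close() to release them.
         try (Connection conn = openConnection();
                 PreparedStatement perstmt2 = conn.prepareStatement(sql2)) {
             perstmt2.setInt(1, 11);
             try (ResultSet rs2 = perstmt2.executeQuery()) {
                 while (rs2.next()) {
                     System.out.print(rs2.getInt("deptno") + "    ");
                     System.out.println(rs2.getString("deptname"));
                 }
             }
         }
     }

     /**
      * Queues 1000 inserts with {@link PreparedStatement#addBatch()} and submits them with a single
      * {@link PreparedStatement#executeBatch()} call, printing the epoch-millisecond clock before
      * and after so the elapsed time can be compared.
      *
      * @throws Exception if the driver cannot be loaded or any JDBC call fails
      */
     public static void mysqlConnection3() throws Exception {
         try (Connection conn = openConnection()) {
             System.out.println(System.currentTimeMillis());
             try (PreparedStatement perstmt2 =
                     conn.prepareStatement("insert into dept (deptname) values (?)")) {
                 for (int n = 0; n < 1000; n++) {
                     // Each value is bound to the placeholder, not concatenated into the SQL.
                     perstmt2.setString(1, "信息部" + n);
                     perstmt2.addBatch();
                 }
                 perstmt2.executeBatch();
                 System.out.println(System.currentTimeMillis());
             }
         }
     }
 }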