PreparedStatement
1、预编译SQL语句并执行,预防SQL注入问题
对参数值中的敏感字符(如单引号)进行转义,使参数始终被当作数据,而不是SQL语法的一部分
登录模块(使用Statement拼接SQL的写法,存在SQL注入风险)
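package com.avb.jdbc;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;

/**
 * Login check that builds its query by string concatenation and runs it
 * through a plain {@link Statement}.
 *
 * <p>This is the injectable form of the login query: the values of
 * {@code name} and {@code pwd} become part of the SQL text itself, so a value
 * containing a quote character can change the structure of the statement
 * instead of being compared as data. Do not copy this pattern into real code;
 * bind the values through {@code PreparedStatement} placeholders instead.
 */
public class loginin {

    /**
     * Connects to the local MySQL database, looks up the user row and prints
     * whether the login succeeded.
     *
     * @param args unused
     * @throws Exception if the driver class cannot be loaded or any JDBC call fails
     */
    public static void main(String[] args) throws Exception {
        // Register the driver.
        Class.forName("com.mysql.jdbc.Driver");

        // Connection settings. NOTE(review): the root account and its password
        // are hard-coded here; a real application should use a least-privilege
        // account whose credentials come from configuration, not source code.
        String url = "jdbc:mysql://127.0.0.1:3306/db1";
        String username = "root";
        String password = "root";

        // Presumably stand-ins for what a login form would submit.
        String name = "abc";
        String pwd = "123";

        // VULNERABLE: the query text is assembled from the input values, so
        // the database cannot tell data apart from SQL syntax.
        String sql = "select * from user where username = '" + name + "' and password = '" + pwd + "'";

        // try-with-resources closes the result set, statement and connection
        // (in that order) even when executeQuery throws.
        try (Connection conn = DriverManager.getConnection(url, username, password);
             Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery(sql)) {
            // Any returned row counts as a successful login.
            if (rs.next()) {
                System.out.println("登录成功");
            } else {
                System.out.println("登录失败");
            }
        }
    }
}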
使用PreparedStatement
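package com.avb.jdbc;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

/**
 * Login check that binds the user-supplied values through
 * {@link PreparedStatement} placeholders.
 *
 * <p>The SQL text is fixed and contains only {@code ?} markers, so the bound
 * values are always treated as data and cannot alter the statement's
 * structure.
 */
public class loginin {

    /**
     * Connects to the local MySQL database, looks up the user row with a
     * parameterized query and prints whether the login succeeded.
     *
     * @param args unused
     * @throws Exception if the driver class cannot be loaded or any JDBC call fails
     */
    public static void main(String[] args) throws Exception {
        // Register the driver.
        Class.forName("com.mysql.jdbc.Driver");

        // Connection settings. NOTE(review): the root account and its password
        // are hard-coded here; a real application should use a least-privilege
        // account whose credentials come from configuration, not source code.
        //
        // MySQL Connector/J by default substitutes the parameters on the
        // client, escaping each value; adding useServerPrepStmts=true to the
        // URL makes the server prepare the statement instead.
        String url = "jdbc:mysql://127.0.0.1:3306/db1";
        String username = "root";
        String password = "root";

        // Presumably stand-ins for what a login form would submit.
        String name = "abc";
        String pwd = "123";

        // Fixed query text with one placeholder per input value.
        // NOTE(review): this compares the password as stored text; production
        // schemas should hold a salted password hash (bcrypt/scrypt/argon2)
        // and verify it in application code.
        String sql = "select * from user where username = ? and password = ?";

        // try-with-resources closes the statement and connection even when a
        // JDBC call throws.
        try (Connection conn = DriverManager.getConnection(url, username, password);
             PreparedStatement pstmt = conn.prepareStatement(sql)) {
            // Bind the values; JDBC parameter indexes start at 1.
            pstmt.setString(1, name);
            pstmt.setString(2, pwd);

            // Execute without passing SQL again: the text was given to
            // prepareStatement above.
            try (ResultSet rs = pstmt.executeQuery()) {
                // Any returned row counts as a successful login.
                if (rs.next()) {
                    System.out.println("登录成功");
                } else {
                    System.out.println("登录失败");
                }
            }
        }
    }
}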