使用JDBC连接mysql数据库
一.JDBC是什么
JDBC(Java Database Connectivity) Java 连接数据库的规范(标准),可以使用 Java 语言连接数据库完成 CRUD 操作。
二.导入maven依赖
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.29</version>
</dependency>
三.注册驱动
注册驱动就是将sql语句的运行环境加载到jvm
mysql8.0及8.0之后
Class.forName("com.mysql.cj.jdbc.Driver");
mysql8.0之前
Class.forName("com.mysql.jdbc.Driver");
四.获取数据库连接对象
通过DriverManager对象的getConnection方法获取Connection对象,即数据库连接对象
url:数据库链接地址
username:数据库用户名
password:数据库密码
String url = "jdbc:mysql://localhost:3306/test01?useUnicode=true&characterEncoding=utf8&useSSL=false&serverTimezone=UTC";
String username = "root";
String password = "1234";
Connection connection = DriverManager.getConnection(url, username, password);
五.获取SQL语句执行对象
通过Connection对象的createStatement方法获取Statement对象,用来访问数据库
Statement statement = connection.createStatement();
六.执行SQL语句
1.增删改操作
使用Statement对象的executeUpdate方法执行
String sql = "insert into tb_user values('3','Sethos','123456','1234','2020-01-01',200000,2)";
statement.executeUpdate(sql);
关流
statement.close();
connection.close();
完整代码
public static void main(String[] args) {
Connection connection = null;
Statement statement = null;
try {
Class.forName("com.mysql.cj.jdbc.Driver");
String url = "jdbc:mysql://localhost:3306/test01?useUnicode=true&characterEncoding=utf8&useSSL=false&serverTimezone=UTC";
String username = "root";
String password = "1234";
connection = DriverManager.getConnection(url, username, password);
statement = connection.createStatement();
String sql = "insert into tb_user values('3','Sethos','123456','1234','2020-01-01',200000,2)";
statement.executeUpdate(sql);
} catch (SQLException | ClassNotFoundException e) {
throw new RuntimeException(e);
} finally {
try {
statement.close();
connection.close();
} catch (SQLException e) {
throw new RuntimeException(e);
}
}
}
2.查询操作
创建ResultSet结果集,使用Statement对象的executeQuery方法执行SQL语句,返回ResultSet类型
String sql = "select * from tb_user where id = " + 1;
ResultSet resultSet = statement.executeQuery(sql);
ResultSet提供了几个方法
boolean next():判断集合是否有下一行数据
int getInt(String columnLabel):取出int类型数据
double getDouble(String columnLabel):取出double类型数据
Date getDate(String columnLabel):取出Date类型数据
String getInt(String columnLabel):取出String类型数据
获取查询的数据
while (resultSet.next()){
int id = resultSet.getInt("id");
String user = resultSet.getString("username");
String pass = resultSet.getString("password");
String phone = resultSet.getString("phone");
Date createTime = resultSet.getDate("create_time");
double money = resultSet.getDouble("money");
int sex = resultSet.getInt("sex");
System.out.println("id = " + id);
System.out.println("user = " + user);
System.out.println("pass = " + pass);
System.out.println("phone = " + phone);
System.out.println("createTime = " + createTime);
System.out.println("money = " + money);
System.out.println("sex = " + sex);
System.out.println("---------------------------");
}
关流
resultSet.close();
statement.close();
connection.close();
完整代码
public static void main(String[] args) {
Connection connection = null;
Statement statement = null;
ResultSet resultSet = null;
try {
Class.forName("com.mysql.cj.jdbc.Driver");
String url = "jdbc:mysql://localhost:3306/test01?useUnicode=true&characterEncoding=utf8&useSSL=false&serverTimezone=UTC";
String username = "root";
String password = "1234";
connection = DriverManager.getConnection(url, username, password);
statement = connection.createStatement();
String sql = "select * from tb_user where id = " + 1;
resultSet = statement.executeQuery(sql);
while (resultSet.next()){
int id = resultSet.getInt("id");
String user = resultSet.getString("username");
String pass = resultSet.getString("password");
String phone = resultSet.getString("phone");
Date createTime = resultSet.getDate("create_time");
double money = resultSet.getDouble("money");
int sex = resultSet.getInt("sex");
System.out.println("id = " + id);
System.out.println("user = " + user);
System.out.println("pass = " + pass);
System.out.println("phone = " + phone);
System.out.println("createTime = " + createTime);
System.out.println("money = " + money);
System.out.println("sex = " + sex);
System.out.println("---------------------------");
}
} catch (ClassNotFoundException | SQLException e) {
throw new RuntimeException(e);
} finally {
try {
resultSet.close();
statement.close();
connection.close();
} catch (SQLException e) {
throw new RuntimeException(e);
}
}
}
七.SQL注入
之前的条件查询语句存在一个隐患,如果用户输入 or 1=1
String sql = "select * from tb_user where username = " + 1 + " and password = " + 1 + " or 1=1";
那么执行结果就是
id = 1
user = Sigewinne
pass = 123456
phone = 1111
createTime = 2000-01-01
money = 100.0
sex = 2
---------------------------
id = 3
user = Sethos
pass = 123456
phone = 1234
createTime = 2020-01-01
money = 200000.0
sex = 2
---------------------------
id = 7
user = Kachina
pass = 123456
phone = null
createTime = null
money = 0.0
sex = 0
---------------------------
因此即使用户输入的用户名和密码是错误的也可以登录进去,如果用户输入了删库语句等会造成更加严重的后果
避免SQL注入可以使用预编译处理
八.预编译处理
使用PreparedStatement进行预编译处理
先写SQL语句,使用?代替原来拼接参数的地方
String sql = "select * from tb_user where username = ? and password = ?";
使用PreparedStatement预编译处理SQL语句
PreparedStatement preparedStatement = connection.prepareStatement(sql);
为占位符传递参数值,需要传什么类型的参数,就使用对应的方法,(setInt,setString等)
preparedStatement.setString(1,"Sigewinne");
preparedStatement.setString(2,"123456");
执行SQL语句
resultSet = preparedStatement.executeQuery();
关流
resultSet.close();
preparedStatement.close();
connection.close();
完整代码
public static void main(String[] args) {
Connection connection = null;
Statement statement = null;
PreparedStatement preparedStatement = null;
ResultSet resultSet = null;
try {
Class.forName("com.mysql.cj.jdbc.Driver");
String url = "jdbc:mysql://localhost:3306/test01?useUnicode=true&characterEncoding=utf8&useSSL=false&serverTimezone=UTC";
String username = "root";
String password = "1234";
connection = DriverManager.getConnection(url, username, password);
statement = connection.createStatement();
String sql = "select * from tb_user where username = ? and password = ?";
preparedStatement = connection.prepareStatement(sql);
preparedStatement.setString(1,"Sigewinne");
preparedStatement.setString(2,"123456");
resultSet = preparedStatement.executeQuery();
while (resultSet.next()) {
int id = resultSet.getInt("id");
String user = resultSet.getString("username");
String pass = resultSet.getString("password");
String phone = resultSet.getString("phone");
Date createTime = resultSet.getDate("create_time");
double money = resultSet.getDouble("money");
int sex = resultSet.getInt("sex");
System.out.println("id = " + id);
System.out.println("user = " + user);
System.out.println("pass = " + pass);
System.out.println("phone = " + phone);
System.out.println("createTime = " + createTime);
System.out.println("money = " + money);
System.out.println("sex = " + sex);
System.out.println("---------------------------");
}
} catch (ClassNotFoundException | SQLException e) {
throw new RuntimeException(e);
} finally {
try {
resultSet.close();
preparedStatement.close();
connection.close();
} catch (SQLException e) {
throw new RuntimeException(e);
}
}
}
使用预编译处理同样可以进行增删改操作,增删改同样使用executeUpdate方法执行SQL语句
标签:JDBC,String,connection,resultSet,System,curd,mysql,println,out From: https://blog.csdn.net/qq_38930254/article/details/143446307