Home > Database > Mysql Tutorial > body text

jdbc connection operation mysql, direct operation and preprocessing method

一个新手
Release: 2017-09-11 11:19:16
Original
1343 people have browsed it

Steps:
1. Load the sql database driver

 Class.forName(“com.mysql.jdbc.Driver”);
Copy after login

2. Connect to the database

 con = DriverManager.getConnection(url, username, pwd);
Copy after login

3. Get Statement

stmt = con.createStatement();
Copy after login

4. Write the sql statement you want to execute

eg: String sql = “select * from student”;
Copy after login

5. Operation database

For the sake of understanding, the following is the content of the database I operate:
jdbc connection operation mysql, direct operation and preprocessing method

jdbc connection operation mysql, direct operation and preprocessing method

package com.wql.jdbc;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;/**
 * @author wql
 *
 */public class jdbc {    public static void main(String[] args) {        /// 加载sql数据库驱动
        try {
            Class.forName("com.mysql.jdbc.Driver");
        } catch (ClassNotFoundException e) {            // TODO Auto-generated catch block
            e.printStackTrace();
        }

        Connection con = null;
        Statement stmt = null;
        ResultSet result = null;
        PreparedStatement pstm = null;// 预处理

        String url = "jdbc:mysql://localhost:3306/work"; // 数据库所在位置
        String username = "root"; // 数据库用户名
        String pwd = "123456"; // 数据库密码
        try {            /// 连接数据库
            con = DriverManager.getConnection(url, username, pwd);            /// 获得Statement
            stmt = con.createStatement();            /// 写入想要执行的sql语句
            String sql = "select * from student";            /// 获得sql语句执行后的集
            result = stmt.executeQuery(sql);            // 在控制台打印出数据库内容
            System.out.println("学号" + " 姓名" + "    年    龄    " + "  性别");            while (result.next()) {                int id = result.getInt(1); // 这里对应数据库中表的第一个字段属性,接受内容的属性要根据数据库的属性
                String name = result.getString(2);
                String age = result.getString(3);
                String sex = result.getString(4);
                System.out.println(" " + id + "  " + name + " " + age + " " + sex);/////////////////////下面有验证截图1 /////////////////////////
            }            // 用Statement向表中插入数据
            String sql2 = "insert into student values(9,\"李丽\",\"1990-12-25\",\"女\")";          
            stmt.executeUpdate(sql2);// 更新数据/////////////////////下面有验证jdbc connection operation mysql, direct operation and preprocessing method /////////////////////////


        ///// 上面用Statement操作数据库十分麻烦,在一些特定场合可以使用预处理方法来操作数据库
            String sql3 = "insert into student values(?,?,?,?)";/// 插入数据
            pstm = con.prepareStatement(sql3);

            pstm.setInt(1, 10); /// 前面的数字1代码表中的第1字段,后面的9是要插入表中第1个字段的内容
            pstm.setString(2, "流星雨");
            pstm.setString(3, "1998-02-03");
            pstm.setString(4, "男");

            pstm.executeUpdate();/////////////////////下面有验证截图 /////////////////////////
        } catch (SQLException e) {            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }
}
Copy after login

Screenshot 1:
jdbc connection operation mysql, direct operation and preprocessing method

Screenshot 2:
jdbc connection operation mysql, direct operation and preprocessing method

Screenshot 3:
jdbc connection operation mysql, direct operation and preprocessing method


The above operations on the database can be used to draw inferences, focusing on: the benefits of preprocessing:
jdbc Connection preprocessing can prevent SQL injection and improve security. Because the SQL statement has been pre-compiled before the program is run, the SQL statement has been analyzed, compiled and optimized by the database before the first operation of the database when the program is running. The corresponding execution plan will also be cached and allow the database to be parameterized. Query in the form, when parameters are dynamically passed to PreprareStatement at runtime, even if there are sensitive characters in the parameters such as or'1=1', the database will treat it as a parameter and a field attribute value instead of as an SQL command. In this way, it plays the role of SQL injection!

The above is the detailed content of jdbc connection operation mysql, direct operation and preprocessing method. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!