1.1prepareStatement解决sql注入的问题
//演示sql注入的安全问题
public static void main(String [] args) throws Exception{
Scanner scanner=new Scanner(System.in); //Scanner类有没有讲过。
System.out.print("请输入账号:");
String username = scanner.nextLine();
System.out.print("请输入密码:");
String password = scanner.nextLine(); //你输入的账号和密码 nextLine() 可以输入空格 回车任认为结束 next()输入空格后认为输入结束。
boolean b = sqlSafe02(username, password);
}
private static boolean sqlSafe(String name,String password) throws Exception{
Class.forName("com.mysql.cj.jdbc.Driver");
Connection conn = DriverManager.getConnection
("jdbc:mysql://localhost:3306/mydb?serverTimezone=Asia/Shanghai", "root", "root");
//使用PrepareStatement 这里的? 是占位符。
String sql="select * from t_user where username=? and password=?";
PreparedStatement ps = conn.prepareStatement(sql);//预编译sql
//为占位符赋值。根据占位符的类型使用不同的方法来赋值
ps.setString(1,name); //1表示第一个占位符 name:表示第一个占位符的值
ps.setString(2,password);
//执行sql语句
ResultSet rs = ps.executeQuery();
while (rs.next()){
System.out.println("登录成功");
return true;
}
System.out.println("登录失败");
return false;
}
2.prepareStatement完成增删改查
/*添加记录*/
@Test
public void addDemo01() throws ClassNotFoundException, SQLException {
Class.forName("com.mysql.cj.jdbc.Driver");
String url="jdbc:mysql://localhost:3306/mydb?serverTimezone=Asia/Shanghai";
String user="root";
String pwd ="root";
Connection connection = DriverManager.getConnection(url, user, pwd);
String sql = "insert into student values(null,?,?,?)";
PreparedStatement ps = connection.prepareStatement(sql);
ps.setString(1,"张三");
ps.setInt(2,16);
ps.setString(3,"北京");
ps.executeUpdate();
ps.close();
}
/*删除记录*/
@Test
public void deleteDemo01() throws ClassNotFoundException, SQLException {
Class.forName("com.mysql.cj.jdbc.Driver");
String url="jdbc:mysql://localhost:3306/mydb?serverTimezone=Asia/Shanghai";
String user="root";
String pwd ="root";
Connection connection = DriverManager.getConnection(url, user, pwd);
String sql = "delete from student where id = ?";
PreparedStatement ps = connection.prepareStatement(sql);
ps.setInt(1,3);
ps.executeUpdate();
ps.close();
}
/*修改记录*/
@Test
public void updateDemo01() throws ClassNotFoundException, SQLException {
Class.forName("com.mysql.cj.jdbc.Driver");
String url = "jdbc:mysql://localhost:3306/mydb?serverTimezone=Asia/Shanghai";
String user="root";
String pwd = "root";
Connection connection = DriverManager.getConnection(url, user, pwd);
String sql = "update student set address=? where id=26";
PreparedStatement ps = connection.prepareStatement(sql);
ps.setString(1,"北京");
ps.executeUpdate();
ps.close();
}
/*查询记录*/
@Test
public void searchDemo01() throws ClassNotFoundException, SQLException {
Class.forName("com.mysql.cj.jdbc.Driver");
String url = "jdbc:mysql://localhost:3306/mydb?serverTimezone=Asia/Shanghai";
String user="root";
String pwd = "root";
Connection connection = DriverManager.getConnection(url, user, pwd);
String sql="select * from student where id=?";
PreparedStatement ps = connection.prepareStatement(sql);
ps.setInt(1,7);
ResultSet rs = ps.executeQuery();
while (rs.next()){
String name = rs.getString("name");
int age = rs.getInt("age");
String address = rs.getString("address");
System.out.println(name+"\t"+age+"\t"+address);
}
rs.close();
}
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。
如需转载请保留出处:https://bianchenghao.cn/39003.html