java核心技术之JDBC (一)
时间:2022-03-14 04:52
package com. db.jdbc ;
import java. sql.Connection ;
import java. sql.DriverManager ;
import java. sql.ResultSet ;
import java. sql.SQLException ;
import java. sql.Statement ;
import org. junit.Test ;
public class jdbcTest {
final String url = "jdbc:mysql://localhost:3306/test" ;
final String user = "root";
final String password = "";
ResultSet rs = null;
Statement st = null;
Connection connection = null;
@Test
public void test_jdbc(){
try {
Class .forName( "com.mysql.jdbc.Driver");//加载驱动
connection = DriverManager.getConnection( url, user, password);//获取链接
st = connection. createStatement();//创建执行
rs = st. executeQuery("select
* from test");//执行
while( rs.next ()){//处理结果
System .out. println(rs .getString( "name"));
}
} catch (Exception e) {
e .printStackTrace();
}finally {
try {
if( rs!=null){
rs.close ();
}
if( st!=null){
st.close ();
}
if( connection!=null){
connection.close ();
}
} catch (SQLException e) {
// TODO Auto-generated
catch block
e .printStackTrace();
}
}
}
}
3.注册驱动的方式
import java. sql.Connection ; import java. sql.DriverManager ; import java. sql.ResultSet ; import java. sql.SQLException ; import java. sql.Statement ; import org. junit.Test ;
public class jdbcTest { final String url = "jdbc:mysql://localhost:3306/test" ; final String user = "root"; final String password = ""; ResultSet rs = null; Statement st = null; Connection connection = null; @Test public void test_jdbc(){ try { Class .forName( "com.mysql.jdbc.Driver");//加载驱动 connection = DriverManager.getConnection( url, user, password);//获取链接 st = connection. createStatement();//创建执行 rs = st. executeQuery("select * from test");//执行 while( rs.next ()){//处理结果 System .out. println(rs .getString( "name")); } } catch (Exception e) { e .printStackTrace(); }finally { try { if( rs!=null){ rs.close (); } if( st!=null){ st.close (); } if( connection!=null){ connection.close (); } } catch (SQLException e) { // TODO Auto-generated catch block e .printStackTrace(); } } } }
|
这三个注册驱动的方式有什么不同喃? 4.statement 一个statement 只能维护一个resultSet 为什么喃? 我是这样理解的,一个连接可以通过不同的操作来获取不同的结果,每一个不同的结果都有不同的statement来装,而一个statement对象对应着一个resultset结果,如果一个statement装着不同的结果,那我们以哪个为准喃?所以一个statement 只能维护一个resultSet
@Test public void test_statement() throws Exception{ Class .forName( "com.mysql.jdbc.Driver"); Connection connection = DriverManager.getConnection( url, user, password); Statement st = connection.createStatement (); ResultSet rs = st.executeQuery ("select * from test"); while( rs.next ()){ rs .close(); } ResultSet rs1 = st.executeQuery ("select * from test"); while( rs1.next ()){ } } 结果:报错 |
5.Statement和PrparedStatement的区别?
看看statement和 PrparedStatement执行同样的查询
@Test public void test_statement() throws Exception{ Class .forName( "com.mysql.jdbc.Driver"); Connection connection = DriverManager.getConnection( url, user, password); Statement st = connection.createStatement (); String id = "1"; ResultSet rs = st.executeQuery ("select * from test where id="+id ); while( rs.next ()){ System .out. println(rs .getString( "name")); } } 结果:OK @Test public void test_prestatement() throws Exception{ Class .forName( "com.mysql.jdbc.Driver"); Connection connection = DriverManager.getConnection( url, user, password); PreparedStatement ps = connection.prepareStatement( "select * from test where id=?"); ps .setString( 1, "1"); ResultSet rs = ps.executeQuery (); while( rs.next ()){ System .out. println(rs .getString( "name")); } } 结果:OK |
结果都是OK,到底有什么区别喃?
如果我们把id的值赋值为“or 1 or ”,上面查出来的就是全部。。 这个就是我们经常说sql注入攻击 第二个区别就是:preparedStetement 可以预编译语句,可以缓存起来,提高查询速度
下次继续写JDBC的事物,数据库隔离级别,存储过程,还有就是回答上面的那个问题,三个注入有什么区别?