JAVA JDBC prepareStatement 添加数据

我们使用prepareStatement来操作数据库,可以防止sql注入,并且无需拼接sql语句.

核心代码:

String sql = "insert into customers(name,email,birth)values(?,?,?)";
ps = connection.prepareStatement(sql);
ps.setString(1,"哪吒");
ps.setString(2,"nezha@gamail.com");
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
Date date = sdf.parse("1000-01-01");
ps.setDate(3, new java.sql.Date(date.getTime()));
ps.execute();

完整代码

JAVA JDBC prepareStatement 添加数据
InputStream is = connectTest.class.getClassLoader().getResourceAsStream("jdbcInfo.properties");
        Properties pro = new Properties();
        pro.load(is);

        String user = pro.getProperty("user");
        String password = pro.getProperty("password");
        String url = pro.getProperty("url");
        String driverClass = pro.getProperty("driverClass");
        //利用反射
        Connection connection = null;
        PreparedStatement ps = null;
        try {
            Class.forName(driverClass);
            connection = DriverManager.getConnection(url,user,password);
            System.out.println(connection);

            String sql = "insert into customers(name,email,birth)values(?,?,?)";
            ps = connection.prepareStatement(sql);
            ps.setString(1,"哪吒");
            ps.setString(2,"nezha@gamail.com");
            SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
            Date date = sdf.parse("1000-01-01");
            ps.setDate(3, new java.sql.Date(date.getTime()));
            ps.execute();
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (SQLException e) {
            e.printStackTrace();
        } catch (ParseException e) {
            e.printStackTrace();
        } finally {
            if(ps!=null)
                try {
                    ps.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            if(connection!=null)
                try {
                    connection.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
        }
View Code

 

上一篇:mybatis BaseMapper int insert(T entity) 方法异常


下一篇:serialize