Series index
JDBC CRUD (create, read, update, delete).
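Preface
PreparedStatement is more efficient, and it also prevents SQL injection.
I. Using a PreparedStatement object has three main advantages:
1. It prevents SQL injection
2. It improves code readability and maintainability
3. It improves SQL execution efficiency
II. Usage steps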
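1. Query
The code is as follows:
import java.sql.*;
import java.util.Date;

public static void Select() throws ClassNotFoundException, SQLException {
    // 1. Add the MySQL driver jar to the project's classpath (right-click lib > Add as Library)
    // 2. Load the MySQL driver (this is the Connector/J 5.x class name;
    //    Connector/J 8 names it com.mysql.cj.jdbc.Driver)
    Class.forName("com.mysql.jdbc.Driver");
    // 3. Get the connection object
    Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/Test?characterEncoding=utf-8", "root", "***");
    // 4. Get the object that executes the SQL statement
    //    (step 5, assigning placeholders, is skipped: this query has none)
    String sql = "select * from user ";
    PreparedStatement preparedStatement = connection.prepareStatement(sql);
    // 6. Execute the SQL statement
    ResultSet rs = preparedStatement.executeQuery();
    while (rs.next()) {
        int id = rs.getInt("id");
        String name = rs.getString("name");
        int age = rs.getInt("age");
        java.sql.Date birthday = rs.getDate("birthday");
        System.out.println(id + "--" + name + "---" + age + "---" + birthday);
    }
    // 7. Release resources
    rs.close();
    preparedStatement.close();
    connection.close();
}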
2. Insert
The code is as follows:
public static void Insert() throws ClassNotFoundException, SQLException {
    // 1. Add the MySQL driver jar to the project's classpath (right-click lib > Add as Library)
    // 2. Load the MySQL driver
    Class.forName("com.mysql.jdbc.Driver");
    // 3. Get the connection object
    Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/Test?characterEncoding=utf-8", "root", "***");
    // 4. Get the object that executes the SQL statement
    String sql = "insert into user(name,age,birthday,id) values (?,?,?,?)";
    PreparedStatement preparedStatement = connection.prepareStatement(sql);
    // 5. Assign values to the placeholders (indexes start at 1)
    preparedStatement.setString(1, "爪哇苑");
    preparedStatement.setInt(2, 1);
    preparedStatement.setDate(3, new java.sql.Date(new java.util.Date().getTime()));
    preparedStatement.setInt(4, 1);
    // 6. Execute the SQL statement; the return value is the number of affected rows
    int count = preparedStatement.executeUpdate();
    System.out.println(count);
    // 7. Release resources
    preparedStatement.close();
    connection.close();
}
3. Update
The code is as follows:
public static void Update() throws ClassNotFoundException, SQLException {
    // 1. Add the MySQL driver jar to the project's classpath (right-click lib > Add as Library)
    // 2. Load the MySQL driver
    Class.forName("com.mysql.jdbc.Driver");
    // 3. Get the connection object
    Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/Test?characterEncoding=utf-8", "root", "***");
    // 4. Get the object that executes the SQL statement
    String sql = "update user set name=?,age=?,birthday=? where id=?";
    PreparedStatement preparedStatement = connection.prepareStatement(sql);
    // 5. Assign values to the placeholders (indexes start at 1)
    preparedStatement.setString(1, "爪哇");
    preparedStatement.setInt(2, 12);
    preparedStatement.setDate(3, new java.sql.Date(new java.util.Date().getTime()));
    preparedStatement.setInt(4, 1);
    // 6. Execute the SQL statement; the return value is the number of affected rows
    int count = preparedStatement.executeUpdate();
    System.out.println(count);
    // 7. Release resources
    preparedStatement.close();
    connection.close();
}
4. Delete
The code is as follows:
public static void Delete() throws ClassNotFoundException, SQLException {
    // 1. Add the MySQL driver jar to the project's classpath (right-click lib > Add as Library)
    // 2. Load the MySQL driver
    Class.forName("com.mysql.jdbc.Driver");
    // 3. Get the connection object
    Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/Test?characterEncoding=utf-8", "root", "***");
    // 4. Get the object that executes the SQL statement
    String sql = "delete from user where id=?";
    PreparedStatement preparedStatement = connection.prepareStatement(sql);
    // 5. Assign a value to the placeholder
    preparedStatement.setInt(1, 1);
    // 6. Execute the SQL statement; the return value is the number of affected rows
    int count = preparedStatement.executeUpdate();
    System.out.println(count);
    // 7. Release resources
    preparedStatement.close();
    connection.close();
}
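The first advantage listed above, SQL injection prevention, shown as an added example (not code from the original article): a concatenated query beside its PreparedStatement form on the article's user table. The class and method names (UserLookup, countUnsafe, findByName, SORTABLE) are hypothetical, the input string is constructed, and the example goes one step past the article by showing that a sort column, which a placeholder cannot bind, has to come from an allowlist.

```java
import java.sql.*;
import java.util.*;

public class UserLookup {
    // Placeholders bind values only; identifiers such as a sort column
    // cannot be bound, so they must come from a fixed allowlist.
    private static final Set<String> SORTABLE = Set.of("id", "name", "age", "birthday");

    // BEFORE (vulnerable): the input becomes part of the SQL text, so a quote
    // character in `name` changes the structure of the WHERE clause.
    static int countUnsafe(Connection c, String name) throws SQLException {
        String sql = "select count(*) from user where name='" + name + "'";
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // AFTER: the SQL text is fixed before any input arrives; `name` is bound
    // as a value by the driver and is only ever compared against the name column.
    static List<String> findByName(Connection c, String name, String sortBy) throws SQLException {
        if (!SORTABLE.contains(sortBy)) {
            throw new IllegalArgumentException("unsupported sort column: " + sortBy);
        }
        String sql = "select id, name, age from user where name = ? order by " + sortBy;
        List<String> rows = new ArrayList<>();
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(rs.getInt("id") + "--" + rs.getString("name") + "---" + rs.getInt("age"));
                }
            }
        }
        return rows;
    }

    public static void main(String[] args) throws SQLException {
        String url = "jdbc:mysql://localhost:3306/Test?characterEncoding=utf-8";
        String input = "x' OR '1'='1"; // constructed input containing a quote
        try (Connection c = DriverManager.getConnection(url, "root", "***")) { // "***" is the article's masked password
            // The concatenated query counts every row; the bound query looks for
            // a user literally named x' OR '1'='1 and returns only exact matches.
            System.out.println(countUnsafe(c, input));
            System.out.println(findByName(c, input, "id"));
        }
    }
}
```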
Summary
That is all for today. This article only briefly introduced how to use PreparedStatement.