Java JDBCI批量插入数据

 

 

智能插入:将整批分批,每一千条提交一次,sql注入(安全,使用软解析,提高效率)

sql注入攻击:简单例子

select * from table where name=‘"+un+"‘ and psw=‘"+pw+"‘",

假如可以输入任何字符,un随便输入12345‘ or 1=1--这样提交过来的aa就会select * from table where name=‘12345‘ or 1=1--password

String sql = "insert into employee (name, city, phone) values (?, ?, ?)";
Connection connection = new getConnection();
PreparedStatement ps = connection.prepareStatement(sql);
final int batchSize = 1000;
int count = 0;
for (Employee employee: employees) {
    ps.setString(1, employee.getName());
    ps.setString(2, employee.getCity());
    ps.setString(3, employee.getPhone());
    ps.addBatch();
    if(++count % batchSize == 0) {
        ps.executeBatch();
    }
}
ps.executeBatch(); // insert remaining records
ps.close();
connection.close();

 

Java JDBCI批量插入数据

上一篇:ERROR 2002 (HY000): Can't connect to local MySQL server through socket


下一篇:交叉编译sqlite3