【Java】JDBC的使用

JDBC

package jdbc_demo;import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;public class jdbc {public static void main(String[] args)throws Exception {//1.注册驱动Class.forName("com.mysql.cj.jdbc.Driver");//2.获取连接String url="jdbc:mysql://127.0.0.1:3306/test";String username="root";String password="123";Connection conn=DriverManager.getConnection(url,username,password);//3.定义sqlString sql ="update account set money = 3000 where id=1";//4.获取执行sql的对象StatementStatement stmt = conn.createStatement();//5.执行sqlint count = stmt.executeUpdate(sql);//返回受影响的行数//6.处理结果System.out.println("受影响"+count+"行");//7.释放资源stmt.close();conn.close();}
}

数据修改成功。

DriverManager

Driver Manager的作用：

注册驱动

获取数据库连接

静态代码块会进行注册驱动。

不使用SSL

jdbc:mysql:///db1?useSSL=false

Connection

Connection作用：

获取执行SQL的对象

管理事务

获取执行SQL的对象
- 普通执行SQL对象
```
Statement createStatement()
```
- 预编译SQL的执行SQL对象：防止SQL注入
```
PreparedStatement prepareStatement(sql)
```
- 执行存储过程的对象
```
CallableStatement prepareCall(sql)
```

事务管理

MySQL事务管理

JDBC事务管理

开启事务：setAutoCommit(boolean autoCommit):true; true为自动提交事务，false为手动提交事务，也就是开启事务

提交事务：commit()

回滚事务：rollback()

package jdbc_demo;import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;public class jdbc {public static void main(String[] args)throws Exception {//1.注册驱动Class.forName("com.mysql.cj.jdbc.Driver");//2.获取连接String url="jdbc:mysql://127.0.0.1:3306/test";String username="root";String password="123";Connection conn=DriverManager.getConnection(url,username,password);conn.setAutoCommit(false);//3.定义sqlString sql1 ="update account set money = 3000 where id=1";String sql2 ="update account set money = 3000 where id=2";//4.获取执行sql的对象StatementStatement stmt = conn.createStatement();//5.执行sqlint count1 = 0;//返回受影响的行数int count2 = 0;try {count1 = stmt.executeUpdate(sql1);count2 = stmt.executeUpdate(sql2);//都执行完毕了，就提交事务conn.commit();} catch (Exception e) {conn.rollback();throw new RuntimeException(e);}//6.处理结果System.out.println("受影响"+count1+"行");System.out.println("受影响"+count2+"行");//7.释放资源stmt.close();conn.close();}
}

Statement

ResultSet

while(rs.next())//光标移动到下一行，并且判断当前行数据是否有效
{//获取数据rs.getXxx(参数);
}

package jdbc_demo;import java.sql.*;public class jdbc {public static void main(String[] args)throws Exception {//1.注册驱动Class.forName("com.mysql.cj.jdbc.Driver");//2.获取连接String url="jdbc:mysql://127.0.0.1:3306/test";String username="root";String password="123";Connection conn=DriverManager.getConnection(url,username,password);conn.setAutoCommit(false);//3.定义sqlString sql="select * from account";//4.获取Statement对象Statement stmt = conn.createStatement();//执行sql语句ResultSet rs=stmt.executeQuery(sql);while(rs.next()){int id=rs.getInt(1);String name=rs.getString(2);double money =rs.getDouble(3);System.out.println(id);System.out.println(name);System.out.println(money);System.out.println("--------------------");}//7.释放资源stmt.close();conn.close();}
}

需求：查询account账户表数据，封装为Account对象中，并且存储到ArrayList集合当中。

package jdbc_demo;import pojo.Account;import java.sql.*;
import java.util.ArrayList;
import java.util.List;public class jdbc {public static void main(String[] args)throws Exception {//1.注册驱动Class.forName("com.mysql.cj.jdbc.Driver");//2.获取连接String url="jdbc:mysql://127.0.0.1:3306/test";String username="root";String password="123";Connection conn=DriverManager.getConnection(url,username,password);conn.setAutoCommit(false);//3.定义sqlString sql="select * from account";//4.获取Statement对象Statement stmt = conn.createStatement();//执行sql语句ResultSet rs=stmt.executeQuery(sql);//创建集合List<Account> list=new ArrayList<>();while(rs.next()){Account account=new Account();int id=rs.getInt(1);String name=rs.getString(2);double money =rs.getDouble(3);account.setId(id);account.setName(name);account.setMoney(money);list.add(account);}System.out.println(list);//7.释放资源stmt.close();conn.close();}
}

PreparedStatement

PreparedStatement可以在预编译阶段预防SQL注入问题。

    public void testLogin_Inject() throws SQLException {String url="jdbc:mysql://127.0.0.1:3306/test";String username="root";String password="123";Connection conn=DriverManager.getConnection(url,username,password);//接收用户输入 用户名和密码String name="张三";String pwd="123456";String sql ="select * from user where username='"+name+"'and password='"+pwd+"'";Statement stmt=conn.createStatement();ResultSet rs=stmt.executeQuery(sql);if(rs.next()){System.out.println("登录成功");}else{System.out.println("登录失败");}}

public void testLogin_Inject() throws SQLException {String url="jdbc:mysql://127.0.0.1:3306/test";String username="root";String password="123";Connection conn=DriverManager.getConnection(url,username,password);//接收用户输入 用户名和密码String name="张三";String pwd="'or'1'='1";String sql ="select * from user where username='"+name+"'and password='"+pwd+"'";Statement stmt=conn.createStatement();ResultSet rs=stmt.executeQuery(sql);if(rs.next()){System.out.println("登录成功");}else{System.out.println("登录失败");}}

为什么可以登录成功？分析一下sql语句

select * from user where username='张三'and password=''or'1'='1'

前半段无论正确与否，后半段的1=1永远成立，又是or连接符，自然查询成功了。

如何解决?

package jdbc_demo;import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;public class PreparedStatement {public static void main(String[] args)throws Exception {String url="jdbc:mysql://127.0.0.1:3306/test";String username="root";String password="123456";String name="张三";String pwd="'or'1'='1";Connection conn= DriverManager.getConnection(url,username,password);// 修复了 SQL 语句中的问题String sql ="select * from user where username=? and password=?";java.sql.PreparedStatement pstmt = conn.prepareStatement(sql);pstmt.setString(1,name);pstmt.setString(2,pwd);//执行sqlResultSet rst=pstmt.executeQuery();if(rst.next()){System.out.println("登录成功");}else{System.out.println("登录失败");}}
}