博客地址:http://blog.csdn.net/heyiaiqing/article/details/74091637
1. 開發(fā)流程
// 注冊了兩次驅動程序,造成浪費彤灶,推薦使用反射
// DriverManager.registerDriver(new Driver());
// new Driver();
// 1. 注冊JDBC的驅動
Class.forName("com.mysql.jdbc.Driver");
// 2. 獲得數(shù)據(jù)庫連接枫攀,DriverManager類中的靜態(tài)方法
String url = "jdbc:mysql://localhost:3306/luoDatabase";
String userName = "Luo";
String password = "lingli520";
Connection connection = DriverManager.getConnection(url, userName, password);
System.out.println(connection); // 返回的該接口的實現(xiàn)類
// 3. 獲得語句執(zhí)行平臺,通過數(shù)據(jù)庫連接對象蘸秘,獲取到SQL語句的執(zhí)行者對象
Statement statement = connection.createStatement();
// 4. 執(zhí)行SQL語句
statement.executeUpdate("INSERT INTO users(uId, uName,uAddress) VALUES (10,'luo','江西'),(11,'wangge','江西2'),(12,'Luo','江西3'),(13,'Luo_Luo','江西4');");
// 5. 結果處理
// 6. 釋放一堆資源
statement.close(); // 釋放執(zhí)行者對象
connection.close(); // 釋放連接對象
2. 查詢
// 查詢數(shù)據(jù)
ResultSet resultSet = statement.executeQuery("SELECT * FROM users;");
// 5. 結果處理
while (resultSet.next()) {
System.out.println(resultSet.getInt("uId") + "\t" + resultSet.getString("uName") + "\t" + resultSet.getString("uAddress"));
}
// 6. 釋放一堆資源
resultSet.close();
3. SQL注入攻擊案例
statement.executeQuery("SELECT * FROM users where uName = '" + name + "' AND uPassword = '" + pwd + "';");
// 這個時候只需要輸入pwd的時候注入一些SQL代碼就能達到SQL注入攻擊的目的
4. 防止注入攻擊(采用占位符?)
采用PreparedStatement(實現(xiàn)SQL的預編譯,多次高效執(zhí)行SQL語句)
statement.executeQuery("SELECT * FROM users where uName = ? AND uPassword = ?;");
5. 工具類
public class JdbcUtils {
private static Connection con;
private JdbcUtils() {
}
static {
try {
// 1. 添加MySql驅動
Class.forName("com.mysql.jdbc.Driver");
String url = "jdbc:mysql://localhost:3306/luoDatabase";
String userName = "Luo";
String password = "lingli520";
// 2. 獲取一個連接
con = DriverManager.getConnection(url, userName, password);
} catch (ClassNotFoundException | SQLException e) {
throw new RuntimeException(e + "連接失敗");
}
}
/**
* 發(fā)起獲得一個連接
*
* @return 返回數(shù)據(jù)庫連接
*/
public static Connection getConnection() {
return con;
}
/**
* 關閉資源類
*
* @param con 數(shù)據(jù)庫連接對象
* @param state state
* @param rs 結果集
*/
public static void close(Connection con, Statement state, ResultSet rs) {
if (rs != null) {
try {
rs.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if (state != null) {
try {
state.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if (con != null) {
try {
con.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}
}
6. 配置文件的設置
# 1. 配置文件放在bin目錄下
# 2. 配置文件名字以properties為擴展名(database.properties)
# 3. 數(shù)據(jù)以鍵值對的形式存儲
7. 讀取配置文件的工具類
/*
* 編寫數(shù)據(jù)庫連接的工具類,JDBC工具類
* 獲取連接對象采用讀取配置文件方式
* 讀取文件獲取連接,執(zhí)行一次,static{}
*/
public class JDBCUtilsConfig {
private static Connection con ;
private static String driverClass;
private static String url;
private static String username;
private static String password;
static{
try{
readConfig();
Class.forName(driverClass);
con = DriverManager.getConnection(url, username, password);
}catch(Exception ex){
throw new RuntimeException("數(shù)據(jù)庫連接失敗");
}
}
private static void readConfig()throws Exception{
InputStream in = JDBCUtilsConfig.class.getClassLoader().getResourceAsStream("database.properties");
Properties pro = new Properties();
pro.load(in);
driverClass=pro.getProperty("driverClass");
url = pro.getProperty("url");
username = pro.getProperty("username");
password = pro.getProperty("password");
}
/**
* 獲取數(shù)據(jù)庫的連接對象
*/
public static Connection getConnection(){
return con;
}
/**
* 關閉資源類
*
* @param con 數(shù)據(jù)庫連接對象
* @param state state
* @param rs 結果集
*/
public static void close(Connection con, Statement state, ResultSet rs) {
if (rs != null) {
try {
rs.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if (state != null) {
try {
state.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
if (con != null) {
try {
con.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}
}
總結
JDBC的代碼冗余很多膀曾,因此下一篇將介紹簡化版的Apache的DBUtils.