一、封装一个类
在一个utils工具包,在下面写一个JdbcUtil工具类
package com.qfedu.utils;import java.io.FileInputStream;import java.io.FileNotFoundException;import java.io.IOException;import java.sql.*;import java.util.Properties;/*** @author wodexinhuai* @create 2022-04-27-9:35*/public class JdbcUtil {private static String url = null;private static String user = null;private static String password = null;static{Properties properties = new Properties();try {properties.load(new FileInputStream("E:\\idea_workspace\\zhuzhiwei\\day39\\src\\db.properties"));String driver = properties.getProperty("Driver");url = properties.getProperty("url");user = properties.getProperty("user");password = properties.getProperty("password");Class.forName(driver);} catch (Exception e) {e.printStackTrace();}}public static Connection getConnection(){Connection connection = null;try {connection = DriverManager.getConnection(url, user, password);} catch (SQLException e) {e.printStackTrace();}return connection;}public static void close(Connection connection){try {connection.close();} catch (SQLException e) {e.printStackTrace();}}public static void close(Connection connection, Statement statement){try {connection.close();statement.close();} catch (SQLException e) {e.printStackTrace();}}public static void close(Connection connection,Statement statement, ResultSet resultSet){try {connection.close();statement.close();resultSet.close();} catch (SQLException e) {e.printStackTrace();}}}
在src写新建一个.properti的配置文件
Driver=com.mysql.jdbc.Driverurl=jdbc:mysql://localhost:3306/java2204?useSSL=falseuser=rootpassword=123456
再次增删改查时,可以直接调用封装好的类,让代码更加简洁
package com.qfedu.test;import com.qfedu.utils.JdbcUtil;import org.junit.jupiter.api.Test;import java.sql.Connection;import java.sql.ResultSet;import java.sql.SQLException;import java.sql.Statement;/*** @author wodexinhuai* @create 2022-04-27-9:34*/public class Demo1 {public static void main(String[] args) throws SQLException {// @Test// public void testAdd() throws SQLException {Connection connection = JdbcUtil.getConnection();Statement statement = connection.createStatement();String sql = "insert into work(name,age,info) values('z志伟',24,'哈哈哈哈')";int i = statement.executeUpdate(sql);System.out.println(i);JdbcUtil.close(connection,statement);}@Testpublic void testDelete() throws SQLException {Connection connection = JdbcUtil.getConnection();Statement statement = connection.createStatement();String sql = "delete from work where id = 4";int i = statement.executeUpdate(sql);JdbcUtil.close(connection,statement);}@Testpublic void testCelect() throws SQLException {Connection connection = JdbcUtil.getConnection();Statement statement = connection.createStatement();String sql = "select * from work";ResultSet resultSet = statement.executeQuery(sql);while(resultSet.next()){int id = resultSet.getInt("id");System.out.println(id);}JdbcUtil.close(connection,statement,resultSet);}}
二、预处理的搬运工对象
以后不用Statement,
参数化的SQL语句:insert into work(name,age,info) values(?,?,?)
静态的SQL语句:insert into work(name,age,info) values(“朱”,10,“啊啊”)
PreparedStatement preparedStatement = connection.prepareStatement(参数化的SQL语句);
2.1增
package com.qfedu.test2yuchuli;import com.qfedu.utils.JdbcUtil;import java.sql.Connection;import java.sql.PreparedStatement;import java.sql.SQLException;import java.sql.Statement;/*** @author wodexinhuai* @create 2022-04-27-10:53* 预处理搬运工*/public class Demo1 {public static void main(String[] args) throws SQLException {//1.获取connection对象Connection connection = JdbcUtil.getConnection();//2.准备一个参数化的sql语句 ?只是占位String sql = "insert into work(name,age,info) values (?,?,?)";//3.使用connection对象获取预处理搬运工对象PreparedStatement preparedStatement = connection.prepareStatement(sql);//4.对参数化的sql语句的?进行赋值preparedStatement.setObject(1,"朱");preparedStatement.setObject(2,99);preparedStatement.setObject(3,"信息");//5.执行sql语句int i = preparedStatement.executeUpdate();System.out.println(i);//6.关闭资源 preparedStatement是statement的子类JdbcUtil.close(connection, preparedStatement);}}
2.2模糊查询
package com.qfedu.test2yuchuli;import com.qfedu.utils.JdbcUtil;import java.sql.Connection;import java.sql.PreparedStatement;import java.sql.ResultSet;import java.sql.SQLException;import java.util.Collection;/*** @author wodexinhuai* @create 2022-04-27-11:42*/public class Demo5like {public static void main(String[] args) throws SQLException {Connection connection = JdbcUtil.getConnection();String sql = "select * from work where name like ?";PreparedStatement preparedStatement = connection.prepareStatement(sql);preparedStatement.setObject(1,"%博%");ResultSet resultSet = preparedStatement.executeQuery();while (resultSet.next()){int id = resultSet.getInt("id");String name = resultSet.getString("name");System.out.print(id + "\t");System.out.println(name);}JdbcUtil.close(connection,preparedStatement,resultSet);}}
三、SQL注入【了解】
比如有时候写的删除或者修改sql又漏洞
delete from person where id = 1 or 1 = 1;
or 1 = 1;恒成立,条件相当于没写,这叫SQL注入
搬运工Statement不能防止这种情况
预处理的搬运工prepareStatement可以
为什么预处理搬运工可以?
因为SQL是预编译的,语句里面使用占位符“?”。 一个?是一个占位2 or 1=1 三个占位,所以语法上就错了。
package com.qfedu.test3;import com.qfedu.utils.JdbcUtil;import java.sql.Connection;import java.sql.PreparedStatement;import java.sql.SQLException;import java.sql.Statement;/*** @author wodexinhuai* @create 2022-04-27-14:21*/public class Demo1 {public static void main(String[] args) throws SQLException {// testStatement();testPrepareStatement();}//搬运工 不能预防 全删public static void testStatement() throws SQLException {Connection connection = JdbcUtil.getConnection();String id = "2 or 1 = 1";String sql = "delete from person5 where id = " + id;Statement statement = connection.createStatement();int i = statement.executeUpdate(sql);System.out.println(i);JdbcUtil.close(connection,statement);}//预处理搬运工可以预防 报错public static void testPrepareStatement() throws SQLException {Connection connection = JdbcUtil.getConnection();String sql = "delete from person3 where id = ?";PreparedStatement preparedStatement = connection.prepareStatement(sql);preparedStatement.setObject(1,"1 or 1 = 1");int i = preparedStatement.executeUpdate();JdbcUtil.close(connection,preparedStatement);}}
注意!
查询的时候可以带1=1 以后会学动态SQL
删除和修改不能带1=1
四、javaBean规范和Beanutils类
4.1javaBean规范
javaBean就是java的实体类
写实体类的规范:
1.私有化成员变量2.提供一个无参数的构造方法 如果没有有参构造可以不写 默认有3.提供成员变量的set、get方法4.每一个实体类单独成一个文件
4.2Beanutils类【重点】
在jdk里面没有这个类,说明不是jdk提供的。肯定是第三方提供的类,所以要导包
在官网https://mvnrepository.com/ 搜索Beanutils
commons-beanutils-1.9.3.jar
这个类是基于反射的类,是对实体进行赋值和取值的。
异常:ClassNotFoundException 出现这样的异常大部分原因是包没有导入完全
百度,然后在下载一个commons-logging-1.2.jar,导进去
案例
package com.qfedu.test5BeanUtils;import com.qfedu.entity.Work;import org.apache.commons.beanutils.BeanUtils;import java.lang.reflect.InvocationTargetException;/*** @author wodexinhuai* @create 2022-04-27-14:59*/public class Demo1 {public static void main(String[] args) throws InvocationTargetException, IllegalAccessException, NoSuchMethodException {//对实体类的属性进行赋值和取值的//Work work = new Work();//BeanUtils都是静态方法 不用new//通过BeanUtils对work实体类进行赋值//对work类下的id进行赋值1BeanUtils.setProperty(work,"id",1);BeanUtils.setProperty(work,"name","博儿");//取值 work下的属性id的值String id = BeanUtils.getProperty(work, "id");String name = BeanUtils.getProperty(work, "name");System.out.println(id);System.out.println(name);}}
最少需要导两个包,如果还有错误,根据百度需要什么包,在进行下载和导入
五、元数据【重点】
数据库的元数据【了解】 自己百度看看
参数元数据【重点】
结果集元数据【重点】
5.1参数元数据【重点】
获取预处理的搬运工对象的时候,处理SQL语句,参数化的的SQL语句,就是那个问号
Parameter 参数 MetaData 元数据
ParameterMetaData getParameterMetaData
package com.qfedu.test6yuanshuju;import com.qfedu.utils.JdbcUtil;import java.sql.Connection;import java.sql.ParameterMetaData;import java.sql.PreparedStatement;import java.sql.SQLException;/*** @author wodexinhuai* @create 2022-04-27-15:48*///参数元数据public class Demo1 {public static void main(String[] args) throws SQLException {Connection connection = JdbcUtil.getConnection();String sql = "update work set name=?,age=?,info=? where id =?";PreparedStatement preparedStatement = connection.prepareStatement(sql);//getParameterMetaData 得到参数的元数据对象ParameterMetaData parameterMetaData = preparedStatement.getParameterMetaData();//可以获取SQL语句参数的个数 几个问号几个参数int parameterCount = parameterMetaData.getParameterCount();System.out.println(parameterCount);//获取参数个数有啥用?通过循环给参数?进行赋值Object[] objs = {"zzw",123,"hahahah",7};for (int i = 1; i <= parameterCount; i++) {preparedStatement.setObject(i,objs[i-1]);}int i = preparedStatement.executeUpdate();System.out.println(i);JdbcUtil.close(connection,preparedStatement);}}
5.2结果集元数据【重点】
Result
package com.qfedu.test6yuanshuju;import com.qfedu.utils.JdbcUtil;import java.sql.*;/*** @author wodexinhuai* @create 2022-04-27-16:09*///结果集元数据public class Demo2 {public static void main(String[] args) throws SQLException {Connection connection = JdbcUtil.getConnection();String sql = "select * from work";PreparedStatement preparedStatement = connection.prepareStatement(sql);ResultSet resultSet = preparedStatement.executeQuery();//只能通过ResultSet对象获取结果集元数据对象 ResultSetMetaDataResultSetMetaData metaData = resultSet.getMetaData();//获取列(字段)的个数int columnCount = metaData.getColumnCount();// System.out.println(columnCount);//四个字段//获取字段名字 结果集元数据.getColumnName()// System.out.println(metaData.getColumnName(1));// System.out.println(metaData.getColumnName(2));// System.out.println(metaData.getColumnName(3));// System.out.println(metaData.getColumnName(4));//通过字段名字取数据// while(resultSet.next()){// for (int i = 1; i <= columnCount; i++) {// for (int j = 1; j <= columnCount; j++) {// Object object = resultSet.getObject(metaData.getColumnName(j));// System.out.print(object + "\t");// }// System.out.println();// break;// }// }//while就是一层循环while(resultSet.next()){for (int i = 1; i <= columnCount; i++) {String columnName = metaData.getColumnName(i);System.out.print(resultSet.getObject(columnName) + "\t");}System.out.println();}JdbcUtil.close(connection,preparedStatement,resultSet);}}
若有收获,就点个赞吧
0 人点赞
