本人是刚学jdbc的小萌新,记录一下java操作数据库的一些基本操作
1.建立与数据库的连接,以及关闭结果集(ResultSet)、语句(Statement)和连接(Connection)
package jdbc;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
public class JDBCUtils {
private static final String CONNECTIONURL="jdbc:mysql://127.0.0.1:3305/runoob?characterEncoding=UTF-8";
private static final String USERNAME="root";
private static final String PASSWORD="zc2001313";
public static Connection getConnection() {
Connection c=null;
try {
Class.forName("com.mysql.jdbc.Driver");//驱动
c = DriverManager.getConnection(CONNECTIONURL,USERNAME,PASSWORD);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return c;
}
public static void close(ResultSet rs,Statement stmt,Connection c) {
try {
if(rs !=null)rs.close();
}catch (SQLException e) {
e.printStackTrace();
}
try {
if(stmt !=null)stmt.close();
}catch(SQLException e) {
e.printStackTrace();
}
try {
if(c !=null)c.close();
}catch(SQLException e) {
e.printStackTrace();
}
}
}
2.增删改查操作
package jdbc;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
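/**
 * Tutorial examples of basic query, insert, delete and update operations over JDBC.
 *
 * <p>Every method obtains its own connection from {@code JDBCUtils.getConnection()}, which returns
 * {@code null} after printing the error when the connection cannot be opened. Each method therefore
 * checks for {@code null} and returns early instead of failing with a NullPointerException.
 */
public class TestJDBC {
    /** Prints every row of {@code runoob_tbl} to standard output, one comma-separated line per row. */
    public static void SelectAll() {
        // Declared outside the try block so that the finally block can still close them.
        Connection c = null;
        Statement s = null;
        ResultSet rs = null;
        try {
            c = JDBCUtils.getConnection();
            if (c == null) {
                return; // connection failed; the cause was already printed by getConnection()
            }
            s = c.createStatement();
            // Constant SQL text with no user input, so a plain Statement is acceptable here.
            String sql = "select * from runoob_tbl";
            rs = s.executeQuery(sql);
            while (rs.next()) {
                // Columns can be read either by name (quoted) or by 1-based index.
                System.out.println(rs.getInt("runoob_id") + "," + rs.getString(2) + ","
                        + rs.getString(3) + "," + rs.getString(4));
            }
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            // Resources are released in reverse order of opening.
            JDBCUtils.close(rs, s, c);
        }
    }

    /**
     * Prints one page of {@code runoob_tbl} to standard output.
     *
     * @param pageNumber 1-based page index
     * @param pageCount number of rows per page
     * @throws IllegalArgumentException if {@code pageNumber < 1} or {@code pageCount < 0}; such
     *     values would otherwise produce a negative LIMIT argument
     */
    public static void SelectUserByPage(int pageNumber, int pageCount) {
        if (pageNumber < 1 || pageCount < 0) {
            throw new IllegalArgumentException(
                    "pageNumber must be >= 1 and pageCount must be >= 0");
        }
        // Computed as long so that a large page number cannot overflow int and wrap negative.
        long offset = (long) (pageNumber - 1) * pageCount;

        Connection c = null;
        PreparedStatement pstmt = null;
        ResultSet rs = null;
        try {
            c = JDBCUtils.getConnection();
            if (c == null) {
                return; // connection failed; the cause was already printed by getConnection()
            }
            String sql = "select * from runoob_tbl limit ?,?";
            pstmt = c.prepareStatement(sql);
            pstmt.setLong(1, offset);
            pstmt.setInt(2, pageCount);
            rs = pstmt.executeQuery();
            while (rs.next()) {
                System.out.println(rs.getInt(1) + "," + rs.getString(2) + ","
                        + rs.getString(3) + "," + rs.getString(4));
            }
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            // Resources are released in reverse order of opening.
            JDBCUtils.close(rs, pstmt, c);
        }
    }

    /**
     * Inserts a new row into the {@code user} table.
     *
     * <p>Original author's note: inserting user names containing Chinese characters did not seem to
     * work. The cause is not visible in this listing; presumably a character-set mismatch between
     * the connection and the table, to be confirmed.
     *
     * <p>NOTE(review): the password is written to the table exactly as passed in. A real
     * application should store a salted password hash (for example bcrypt or Argon2) instead of the
     * plaintext password.
     *
     * @param username value for the {@code username} column
     * @param password value for the {@code password} column
     * @param money value for the {@code balance} column
     */
    public static void insert(String username, String password, int money) {
        Connection c = JDBCUtils.getConnection();
        if (c == null) {
            return; // connection failed; the cause was already printed by getConnection()
        }
        PreparedStatement pstmt = null;
        String sql = "insert into user(username,password,balance)values(?,?,?)";
        try {
            pstmt = c.prepareStatement(sql);
            // Values are bound as parameters, never concatenated into the SQL text.
            pstmt.setString(1, username);
            pstmt.setString(2, password);
            pstmt.setInt(3, money);
            pstmt.executeUpdate();
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            JDBCUtils.close(null, pstmt, c);
        }
    }

    /**
     * Deletes the {@code user} row with the given id and prints whether a row was removed.
     *
     * @param id value of the {@code id} column of the row to delete
     */
    public static void delete(int id) {
        Connection c = JDBCUtils.getConnection();
        if (c == null) {
            return; // connection failed; the cause was already printed by getConnection()
        }
        PreparedStatement pstmt = null;
        String sql = "delete from user where id = ?";
        try {
            pstmt = c.prepareStatement(sql);
            pstmt.setInt(1, id);
            int result = pstmt.executeUpdate();
            if (result > 0) {
                System.out.println("删除成功!");
            } else {
                System.out.println("删除失败!");
            }
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            JDBCUtils.close(null, pstmt, c);
        }
    }

    /**
     * Replaces the password of the {@code user} row with the given id and prints whether a row was
     * changed.
     *
     * <p>NOTE(review): as in {@code insert}, the new password is stored exactly as passed in; a real
     * application should store a salted password hash instead.
     *
     * @param id value of the {@code id} column of the row to update
     * @param newPassword new value for the {@code password} column
     */
    public static void update(int id, String newPassword) {
        Connection c = JDBCUtils.getConnection();
        if (c == null) {
            return; // connection failed; the cause was already printed by getConnection()
        }
        PreparedStatement pstmt = null;
        String sql = "update user set password = ? where id = ?";
        try {
            pstmt = c.prepareStatement(sql);
            pstmt.setString(1, newPassword);
            pstmt.setInt(2, id);
            int result = pstmt.executeUpdate();
            if (result > 0) {
                System.out.println("修改成功!");
            } else {
                System.out.println("修改失败!");
            }
        } catch (SQLException e) {
            e.printStackTrace();
        } finally {
            JDBCUtils.close(null, pstmt, c);
        }
    }
}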
3.转账操作(用到事务)
目标是将用户1:username1 的 money元 转给用户2:username2
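/**
 * Transfers {@code money} from the account of {@code username1} to the account of
 * {@code username2} inside one database transaction: either both balance updates are committed or
 * neither is.
 *
 * <p>The transaction is rolled back when a statement fails or when either update does not match
 * exactly one row (for example an unknown user name), so money is never debited without being
 * credited.
 *
 * <p>NOTE(review): the debit does not check that the source balance is sufficient. If overdrafts
 * must be rejected, add a condition such as {@code and balance >= ?} to the first statement.
 *
 * @param username1 user whose balance is debited
 * @param username2 user whose balance is credited
 * @param money amount to transfer; must be positive
 * @throws IllegalArgumentException if {@code money} is not positive; a negative amount would
 *     reverse the direction of the transfer
 */
public static void transferAccount(String username1, String username2, int money) {
    if (money <= 0) {
        throw new IllegalArgumentException("money must be positive: " + money);
    }
    Connection c = JDBCUtils.getConnection();
    if (c == null) {
        return; // connection failed; the cause was already printed by getConnection()
    }
    PreparedStatement pstmt1 = null;
    PreparedStatement pstmt2 = null;
    boolean committed = false;
    try {
        c.setAutoCommit(false); // begin the transaction

        String sql = "update user set balance = balance - ? where username = ?";
        pstmt1 = c.prepareStatement(sql);
        pstmt1.setInt(1, money);
        pstmt1.setString(2, username1);
        int debited = pstmt1.executeUpdate();
        if (debited != 1) {
            return; // no single matching payer; the finally block rolls back
        }

        sql = "update user set balance = balance + ? where username = ?";
        pstmt2 = c.prepareStatement(sql);
        pstmt2.setInt(1, money);
        pstmt2.setString(2, username2);
        int credited = pstmt2.executeUpdate();
        if (credited != 1) {
            return; // no single matching payee; the finally block rolls back the debit
        }

        c.commit(); // both updates succeeded
        committed = true;
    } catch (SQLException e) {
        e.printStackTrace();
    } finally {
        if (!committed) {
            // Undo any partial work explicitly instead of relying on what close() does with an
            // open transaction.
            try {
                c.rollback();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        // Close each statement once and the connection once.
        JDBCUtils.close(null, pstmt1, null);
        JDBCUtils.close(null, pstmt2, c);
    }
}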
4.验证密码
以下方法为1.0版本,是不太聪明的写法:它把用户名和密码直接拼接进SQL语句,因此存在SQL注入问题,懂行的人可以借此绕过密码验证强行登录
/**
 * Version 1.0 of the password check, kept as the insecure counter-example of this tutorial.
 *
 * <p>WARNING: the user name and password are concatenated directly into the SQL text, so this
 * method is vulnerable to SQL injection and must not be used for real authentication. Use the
 * PreparedStatement-based version instead, which binds both values as parameters.
 *
 * @param username user name to look up
 * @param password password to compare with the stored {@code password} column
 * @return {@code true} if the query returns at least one row; {@code false} otherwise, including
 *     when an SQLException occurs
 */
public static boolean CheckUserPassword(String username, String password) {
    // Declared outside the try block so that the finally block can still close them.
    Connection conn = null;
    Statement statement = null;
    ResultSet rows = null;
    try {
        conn = jdbc.JDBCUtils.getConnection();
        statement = conn.createStatement();
        // Insecure by design: caller-supplied strings become part of the SQL statement itself.
        String query = "select * from user where username='" + username + "' and password='" + password + "'";
        rows = statement.executeQuery(query);
        // A matching row means the user name / password pair exists.
        return rows.next();
    } catch (SQLException e) {
        e.printStackTrace();
    } finally {
        // Resources are released in reverse order of opening.
        jdbc.JDBCUtils.close(rows, statement, conn);
    }
    // Reached only after an SQLException. Do not move this return into the finally block: finally
    // also runs after a return inside try, and a return there would override the real result.
    return false;
}
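上面是验证密码的1.0版本,它虽然能验证密码,但由于存在SQL注入问题,并不安全。所以我们采用下面的2.0升级版本,使用PreparedStatement把用户输入作为参数绑定,而不是拼接进SQL语句。需要注意的是,2.0只解决了注入问题:密码仍然是以明文形式与数据库中的字段直接比较,实际项目中应保存加盐的密码哈希(如bcrypt、Argon2),而不是明文密码。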
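/**
 * Version 2.0 of the password check. Unlike version 1.0 above, the user name and password are
 * bound as PreparedStatement parameters, so they are always treated as data and cannot change the
 * structure of the SQL statement (no SQL injection).
 *
 * <p>The check fails closed: it returns {@code false} when the connection cannot be opened or when
 * the query fails.
 *
 * <p>NOTE(review): the supplied password is compared directly with the {@code password} column,
 * which implies that passwords are stored in plaintext. A real application should store a salted
 * password hash (for example bcrypt or Argon2) and verify the hash in application code.
 *
 * @param username user name to look up
 * @param password password to compare with the stored {@code password} column
 * @return {@code true} if a row with this user name and password exists; {@code false} otherwise
 */
public static boolean CheckUserPasswordUp(String username, String password) {
    // Declared outside the try block so that the finally block can still close them.
    Connection c = null;
    PreparedStatement pstmt = null;
    ResultSet rs = null;
    try {
        c = JDBCUtils.getConnection();
        if (c == null) {
            // getConnection() returns null after printing the error; deny the login instead of
            // failing with a NullPointerException.
            return false;
        }
        String sql = "select * from user where username=? and password=?";
        pstmt = c.prepareStatement(sql);
        pstmt.setString(1, username);
        pstmt.setString(2, password);
        rs = pstmt.executeQuery();
        return rs.next();
    } catch (SQLException e) {
        e.printStackTrace();
    } finally {
        // Resources are released in reverse order of opening.
        JDBCUtils.close(rs, pstmt, c);
    }
    // Reached only after an SQLException. Do not move this return into the finally block: finally
    // also runs after a return inside try, and a return there would override the real result.
    return false;
}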