JDBC API及其应用

JDBC 的核心 API

DriverManager

驱动管理

  1. 管理和注册驱动
Class.forName("com.mysql.jdbc.Driver");
  1. 创建数据库的连接

Connection getConnection (String url, String user, String password)
Connection getConnection (String url, Properties info)
URL

//使用方法1
package cn.itcast.jdbc;

import java.sql.Connection;
import java.sql.DriverManager;


public class JdbcDemo1 {
    
    
    public static void main(String[] args) throws Exception {
    
    
        String url = "jdbc:mysql://localhost:3306/db3";
        Connection connection = DriverManager.getConnection(url, "root", "root");
        System.out.println(connection);
    }
}
//方法2
package cn.itcast.jdbc;

import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Properties;


public class JdbcDemo1 {
    
    
    public static void main(String[] args) throws Exception {
    
    
        String url = "jdbc:mysql://localhost:3306/db3";
        Properties info = new Properties();
        info.setProperty("user", "root");//user=root
        info.setProperty("password", "root");//password=root
        Connection connection = DriverManager.getConnection(url, info);
        System.out.println(connection);
    }
}

运行结果

com.mysql.jdbc.JDBC4Connection@5a10411

Connection

数据库连接
Statement createStatement():创建SQL语句执行通道
PreparedStatement prepareStatement(String sql) :指定预编译的 SQL 语句,SQL 语句中使用占位符?

Statement

执行sql语句
boolean execute(String sql):用于发送任意的语句
参数:SQL 语句
返回值:是否成功
int executeUpdate(String sql):用于发送 DML ,DDL语句
参数:SQL 语句
返回值:对数据库影响的行数
ResultSet executeQuery(String sql):用于发送 DQL 语句
参数:SQL 语句
返回值:查询的结果集

ResultSet

结果集
boolean next():游标向下移动 1 行
返回 boolean 类型,如果还有下一条记录,返回 true,否则返回 false
在这里插入图片描述

PreparedStatemen

PreparedStatement 是 Statement 接口的子接口,继承于父接口中所有的方法。它是一个预编译的 SQL 语句
void setDouble(int parameterIndex, double x) 将指定参数设置为给定 Java double 值。
void setFloat(int parameterIndex, float x) 将指定参数设置为给定 Java REAL 值。
void setInt(int parameterIndex, int x) 将指定参数设置为给定 Java int 值。
void setLong(int parameterIndex, long x) 将指定参数设置为给定 Java long 值。
void setObject(int parameterIndex, Object x) 使用给定对象设置指定参数的值。
void setString(int parameterIndex, String x) 将指定参数设置为给定 Java String 值。

SQL注入

SQL注入即是指web应用程序对用户输入数据的合法性没有判断或过滤不严,攻击者可以在web应用程序中事先定义好的查询语句的结尾上添加额外的SQL语句,在管理员不知情的情况下实现非法操作,以此来实现欺骗数据库服务器执行非授权的任意查询,从而进一步得到相应的数据信息。

预编译sql

练习:执行DML语句-包括增改删操作

练习:account表 添加一条记录

运行前:
未添加记录前

package cn.itcast.jdbc;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * account表 添加一条记录
 */
public class JDBCDemo2 {
    
    
    public static void main(String[] args) {
    
    
        //Connection->Statement
        Statement stmt = null;
        Connection conn = null;
        try {
    
    
            Class.forName("com.mysql.jdbc.Driver");
            String sql = "insert into account values(null,'wangwu',3000)";
            conn = DriverManager.getConnection("jdbc:mysql:///db3", "root", "root");
            stmt = conn.createStatement();
            int count = stmt.executeUpdate(sql);
            if (count > 0) {
    
    
                System.out.println("添加成功!");
            } else {
    
    
                System.out.println("添加失败!");
            }

        } catch (ClassNotFoundException e) {
    
    
            e.printStackTrace();
        } catch (SQLException e) {
    
    
            e.printStackTrace();
        } finally {
    
    
            if (stmt != null) {
    
    
                try {
    
    
                    stmt.close();
                } catch (SQLException e) {
    
    
                    e.printStackTrace();
                }
            }

            if (conn != null) {
    
    
                try {
    
    
                    conn.close();
                } catch (SQLException e) {
    
    
                    e.printStackTrace();
                }
            }
        }
    }
}

运行后
插入记录之后

练习:account表 修改记录

运行前:
修改记录之前

package cn.itcast.jdbc;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * account表 修改记录
 */
public class JDBCDemo3 {
    
    
    public static void main(String[] args) {
    
    
        Connection conn = null;
        Statement stmt = null;
        try {
    
    
            Class.forName("com.mysql.jdbc.Driver");
            conn = DriverManager.getConnection("jdbc:mysql:///db3", "root", "root");
            String sql = "update account set balance = 1500 where id = 12";
            stmt = conn.createStatement();
            int count = stmt.executeUpdate(sql);
            if (count > 0) {
    
    
                System.out.println("修改成功!");
            } else {
    
    
                System.out.println("修改失败");
            }

        } catch (ClassNotFoundException e) {
    
    
            e.printStackTrace();
        } catch (SQLException e) {
    
    
            e.printStackTrace();
        } finally {
    
    
            if (stmt != null) {
    
    
                try {
    
    
                    stmt.close();
                } catch (SQLException e) {
    
    
                    e.printStackTrace();
                }
            }

            if (conn != null) {
    
    
                try {
    
    
                    conn.close();
                } catch (SQLException e) {
    
    
                    e.printStackTrace();
                }
            }
        }
    }
}

运行后:
修改记录之后

练习:account表 删除一条记录

运行前:
删除记录之前

package cn.itcast.jdbc;


import cn.itcast.util.JDBCUtils;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * account表 删除一条记录
 */
public class JDBCDemo4 {
    
    
    public static void main(String[] args) {
    
    
        Connection conn = null;
        Statement stmt = null;
        try {
    
    
            Class.forName("com.mysql.jdbc.Driver");
            conn = DriverManager.getConnection("jdbc:mysql:///db3", "root", "root");
            String sql = "delete from account where id = 12";
            stmt = conn.createStatement();
            int count = stmt.executeUpdate(sql);
            if (count > 0) {
    
    
                System.out.println("删除成功!");
            } else {
    
    
                System.out.println("删除失败");
            }

        } catch (ClassNotFoundException e) {
    
    
            e.printStackTrace();
        } catch (SQLException e) {
    
    
            e.printStackTrace();
        } finally {
    
    
            if (stmt != null) {
    
    
                try {
    
    
                    stmt.close();
                } catch (SQLException e) {
    
    
                    e.printStackTrace();
                }
            }

            if (conn != null) {
    
    
                try {
    
    
                    conn.close();
                } catch (SQLException e) {
    
    
                    e.printStackTrace();
                }
            }
        }
    }
}

运行后:
删除记录之后

练习:执行DDL语句

练习:执行DDL语句 创建student表

运行前:
创建student前

package cn.itcast.jdbc;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * 执行DDL语句 创建student表
 */
public class JDBCDemo5 {
    
    
    public static void main(String[] args) {
    
    
        Connection conn = null;
        Statement stmt = null;
        try {
    
    
            Class.forName("com.mysql.jdbc.Driver");
            conn = DriverManager.getConnection("jdbc:mysql:///db3", "root", "root");
            String sql = "create table student (id int , name varchar(20))";
            stmt = conn.createStatement();
            int count = stmt.executeUpdate(sql);
        } catch (ClassNotFoundException e) {
    
    
            e.printStackTrace();
        } catch (SQLException e) {
    
    
            e.printStackTrace();
        } finally {
    
    
            if (stmt != null) {
    
    
                try {
    
    
                    stmt.close();
                } catch (SQLException e) {
    
    
                    e.printStackTrace();
                }
            }

            if (conn != null) {
    
    
                try {
    
    
                    conn.close();
                } catch (SQLException e) {
    
    
                    e.printStackTrace();
                }
            }
        }
    }

}

运行后:
创建student后

练习:执行DQL语句

package cn.itcast.jdbc;

import java.sql.*;

/**
 * 执行DDL语句
 */
public class JDBCDemo7 {
    
    
    public static void main(String[] args) {
    
    
        Connection conn = null;
        Statement stmt = null;
        ResultSet rs = null;
        try {
    
    
            Class.forName("com.mysql.jdbc.Driver");
            conn = DriverManager.getConnection("jdbc:mysql:///db3", "root", "root");
            String sql = "select * from account";
            stmt = conn.createStatement();
            rs = stmt.executeQuery(sql);
            while (rs.next()) {
    
    
                int id = rs.getInt("id");
                String name = rs.getString("name");
                double balance = rs.getDouble("balance");
                System.out.println(id + "---" + name + "---" + balance);
            }
        } catch (ClassNotFoundException e) {
    
    
            e.printStackTrace();
        } catch (SQLException e) {
    
    
            e.printStackTrace();
        } finally {
    
    
            if (rs != null) {
    
    
                try {
    
    
                    rs.close();
                } catch (SQLException e) {
    
    
                    e.printStackTrace();
                }
            }

            if (stmt != null) {
    
    
                try {
    
    
                    stmt.close();
                } catch (SQLException e) {
    
    
                    e.printStackTrace();
                }
            }

            if (conn != null) {
    
    
                try {
    
    
                    conn.close();
                } catch (SQLException e) {
    
    
                    e.printStackTrace();
                }
            }
        }
    }

}

运行结果

1—zhangsan—1000.0
2—lisi—1000.0

练习:将db3中的emp职员信息从表中读出并封装到集合中

职员类

package cn.itcast.domain;

import java.util.Date;

/**
 * 封装Emp表数据的JavaBean
 */
public class Emp {
    
    
    private int id;         //员工编号
    private String ename;   //员工名字
    private int job_id;     //员工的职务编号(外键)
    private int mgr;        //员工的上级领导
    private Date joindate;  //员工的入职时间
    private double salary;  //员工的薪资
    private double bonus;   //员工的奖金
    private int dept_id;    //员工所属部门(外键)

    public int getId() {
    
    
        return id;
    }

    public void setId(int id) {
    
    
        this.id = id;
    }

    public String getEname() {
    
    
        return ename;
    }

    public void setEname(String ename) {
    
    
        this.ename = ename;
    }

    public int getJob_id() {
    
    
        return job_id;
    }

    public void setJob_id(int job_id) {
    
    
        this.job_id = job_id;
    }

    public int getMgr() {
    
    
        return mgr;
    }

    public void setMgr(int mgr) {
    
    
        this.mgr = mgr;
    }

    public Date getJoindate() {
    
    
        return joindate;
    }

    public void setJoindate(Date joindate) {
    
    
        this.joindate = joindate;
    }

    public double getSalary() {
    
    
        return salary;
    }

    public void setSalary(double salary) {
    
    
        this.salary = salary;
    }


    public int getDept_id() {
    
    
        return dept_id;
    }

    public void setDept_id(int dept_id) {
    
    
        this.dept_id = dept_id;
    }


    public double getBonus() {
    
    
        return bonus;
    }

    public void setBonus(double bonus) {
    
    
        this.bonus = bonus;
    }


    @Override
    public String toString() {
    
    
        return "Emp{" +
                "id=" + id +
                ", ename='" + ename + '\'' +
                ", job_id=" + job_id +
                ", mgr=" + mgr +
                ", joindate=" + joindate +
                ", salary=" + salary +
                ", bonus=" + bonus +
                ", dept_id=" + dept_id +
                '}';
    }
}

测试类1

package cn.itcast.jdbc;

import cn.itcast.domain.Emp;

import java.sql.*;
import java.util.ArrayList;
import java.util.List;

/**
 * * 定义一个方法,查询emp表的数据将其封装为对象,然后装载集合,返回。
 */
public class JDBCDemo8 {
    
    

    public static void main(String[] args) {
    
    
        List<Emp> list = new JDBCDemo8().findAll();
        System.out.println(list);
        System.out.println(list.size());
    }

    /**
     * 查询db3中的emp表数据封装到集合中
     *
     * @return
     */
    public List<Emp> findAll() {
    
    
        Connection conn = null;
        Statement stmt = null;
        ResultSet rs = null;
        List<Emp> list = null;
        try {
    
    
            Class.forName("com.mysql.jdbc.Driver");
            conn = DriverManager.getConnection("jdbc:mysql:///db3", "root", "root");
            String sql = "select * from emp";
            stmt = conn.createStatement();
            rs = stmt.executeQuery(sql);

            Emp emp = null;
            list = new ArrayList<Emp>();
            while (rs.next()) {
    
    
                emp = new Emp();
                //获取值并封装到对象中
                emp.setId(rs.getInt("id"));
                emp.setEname(rs.getString("ename"));
                emp.setJob_id(rs.getInt("job_id"));
                emp.setMgr(rs.getInt("mgr"));
                emp.setJoindate(rs.getDate("joindate"));
                emp.setSalary(rs.getDouble("salary"));
                emp.setBonus(rs.getDouble("bonus"));
                emp.setDept_id(rs.getInt("dept_id"));
                list.add(emp);
            }

        } catch (ClassNotFoundException e) {
    
    
            e.printStackTrace();
        } catch (SQLException e) {
    
    
            e.printStackTrace();
        } finally {
    
    
            if (rs != null) {
    
    
                try {
    
    
                    rs.close();
                } catch (SQLException e) {
    
    
                    e.printStackTrace();
                }
            }

            if (stmt != null) {
    
    
                try {
    
    
                    stmt.close();
                } catch (SQLException e) {
    
    
                    e.printStackTrace();
                }
            }

            if (conn != null) {
    
    
                try {
    
    
                    conn.close();
                } catch (SQLException e) {
    
    
                    e.printStackTrace();
                }
            }
        }
        return list;
    }
}

运行结果

[Emp{id=1001, ename=‘孙悟空’, job_id=4, mgr=1004, joindate=2000-12-17, salary=8000.0, bonus=0.0, dept_id=20}, Emp{id=1002, ename=‘卢俊义’, job_id=3, mgr=1006, joindate=2001-02-20, salary=16000.0, bonus=3000.0, dept_id=30}, Emp{id=1003, ename=‘林冲’, job_id=3, mgr=1006, joindate=2001-02-22, salary=12500.0, bonus=5000.0, dept_id=30}, Emp{id=1004, ename=‘唐僧’, job_id=2, mgr=1009, joindate=2001-04-02, salary=29750.0, bonus=0.0, dept_id=20}, Emp{id=1005, ename=‘李逵’, job_id=4, mgr=1006, joindate=2001-09-28, salary=12500.0, bonus=14000.0, dept_id=30}, Emp{id=1006, ename=‘宋江’, job_id=2, mgr=1009, joindate=2001-05-01, salary=28500.0, bonus=0.0, dept_id=30}, Emp{id=1007, ename=‘刘备’, job_id=2, mgr=1009, joindate=2001-09-01, salary=24500.0, bonus=0.0, dept_id=10}, Emp{id=1008, ename=‘猪八戒’, job_id=4, mgr=1004, joindate=2007-04-19, salary=30000.0, bonus=0.0, dept_id=20}, Emp{id=1009, ename=‘罗贯中’, job_id=1, mgr=0, joindate=2001-11-17, salary=50000.0, bonus=0.0, dept_id=10}, Emp{id=1010, ename=‘吴用’, job_id=3, mgr=1006, joindate=2001-09-08, salary=15000.0, bonus=0.0, dept_id=30}, Emp{id=1011, ename=‘沙僧’, job_id=4, mgr=1004, joindate=2007-05-23, salary=11000.0, bonus=0.0, dept_id=20}, Emp{id=1012, ename=‘李逵’, job_id=4, mgr=1006, joindate=2001-12-03, salary=9500.0, bonus=0.0, dept_id=30}, Emp{id=1013, ename=‘小白龙’, job_id=4, mgr=1004, joindate=2001-12-03, salary=30000.0, bonus=0.0, dept_id=20}, Emp{id=1014, ename=‘关羽’, job_id=4, mgr=1007, joindate=2002-01-23, salary=13000.0, bonus=0.0, dept_id=10}]
14

测试类2:抽取JDBC工具类(JDBCUtils.java)

Properties

//JDBC工具类
package cn.itcast.util;

import java.io.FileReader;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLDecoder;
import java.sql.*;
import java.util.Properties;


/**
 * JDBC工具类
 */
public class JDBCUtils {
    
    
    private static String url;
    private static String user;
    private static String password;
    private static String driver;

    /**
     * 配置文件读取DriverManager.getConnection的参数信息
     */
    static {
    
    //只需读取一次文件,设置静止代码块
        try {
    
    
            //获取配置文件信息
            ClassLoader classLoader = JDBCUtils.class.getClassLoader();
            URL res = classLoader.getResource("jdbc.properties");

            //获取配置文件路径
            String path = res.getPath();

            //修改文件路径的字符编码,可能会出现乱码
            try {
    
    
                path = URLDecoder.decode(path, "UTF-8");
            } catch (UnsupportedEncodingException e) {
    
    
                e.printStackTrace();
            }

            //获取配置文件的内容,加载到pro(Properties)中
            FileReader fr = new FileReader(path);
            Properties pro = new Properties();
            pro.load(fr);

            //读出属性并赋值
            url = pro.getProperty("url");
            user = pro.getProperty("user");
            password = pro.getProperty("password");
            driver = pro.getProperty("driver");

            Class.forName(driver);

        } catch (IOException e) {
    
    
            e.printStackTrace();
        } catch (ClassNotFoundException e) {
    
    
            e.printStackTrace();
        }
    }


    /**
     * 获取连接
     *
     * @return 连接对象
     */
    public static Connection getConnection() throws SQLException {
    
    
        return DriverManager.getConnection(url, user, password);
    }


    /**
     * 释放资源(增删改)
     *
     * @param conn:数据库的连接对象
     * @param stmt:sql语句的传递对象
     */
    public static void close(Connection conn, Statement stmt) {
    
    
        if (stmt != null) {
    
    
            try {
    
    
                stmt.close();
            } catch (SQLException e) {
    
    
                e.printStackTrace();
            }
        }

        if (conn != null) {
    
    
            try {
    
    
                conn.close();
            } catch (SQLException e) {
    
    
                e.printStackTrace();
            }
        }
    }


    /**
     * 释放资源(查)
     *
     * @param conn:数据库的连接对象
     * @param stmt:sql语句的传递对象
     * @param rs:结果集对象
     */
    public static void close(Connection conn, Statement stmt, ResultSet rs) {
    
    
        if (rs != null) {
    
    
            try {
    
    
                rs.close();
            } catch (SQLException e) {
    
    
                e.printStackTrace();
            }
        }

        if (stmt != null) {
    
    
            try {
    
    
                stmt.close();
            } catch (SQLException e) {
    
    
                e.printStackTrace();
            }
        }

        if (conn != null) {
    
    
            try {
    
    
                conn.close();
            } catch (SQLException e) {
    
    
                e.printStackTrace();
            }
        }
    }
}
//测试类
package cn.itcast.jdbc;

import cn.itcast.domain.Emp;
import cn.itcast.util.JDBCUtils;

import java.sql.*;
import java.util.ArrayList;
import java.util.List;

/**
 * * 定义一个方法,查询emp表的数据将其封装为对象,然后装载集合,返回。
 */
public class JDBCDemo8 {
    
    

    public static void main(String[] args) {
    
    
        List<Emp> list = new JDBCDemo8().findAll();
        System.out.println(list);
        System.out.println(list.size());
    }

    /**
     * 查询db3中的emp表数据封装到集合中(JDBC)
     *
     * @return
     */
    public List<Emp> findAll() {
    
    
        Connection conn = null;
        Statement stmt = null;
        ResultSet rs = null;
        List<Emp> list = null;
        try {
    
    
            conn = JDBCUtils.getConnection();

            String sql = "select * from emp";
            stmt = conn.createStatement();
            rs = stmt.executeQuery(sql);

            Emp emp = null;
            list = new ArrayList<Emp>();
            while (rs.next()) {
    
    
                emp = new Emp();
                //获取值并封装到对象中
                emp.setId(rs.getInt("id"));
                emp.setEname(rs.getString("ename"));
                emp.setJob_id(rs.getInt("job_id"));
                emp.setMgr(rs.getInt("mgr"));
                emp.setJoindate(rs.getDate("joindate"));
                emp.setSalary(rs.getDouble("salary"));
                emp.setBonus(rs.getDouble("bonus"));
                emp.setDept_id(rs.getInt("dept_id"));
                list.add(emp);
            }

        } catch (SQLException e) {
    
    
            e.printStackTrace();
        } finally {
    
    
            JDBCUtils.close(conn, stmt, rs);
        }
        return list;
    }
}

运行结果

[Emp{id=1001, ename=‘孙悟空’, job_id=4, mgr=1004, joindate=2000-12-17, salary=8000.0, bonus=0.0, dept_id=20}, Emp{id=1002, ename=‘卢俊义’, job_id=3, mgr=1006, joindate=2001-02-20, salary=16000.0, bonus=3000.0, dept_id=30}, Emp{id=1003, ename=‘林冲’, job_id=3, mgr=1006, joindate=2001-02-22, salary=12500.0, bonus=5000.0, dept_id=30}, Emp{id=1004, ename=‘唐僧’, job_id=2, mgr=1009, joindate=2001-04-02, salary=29750.0, bonus=0.0, dept_id=20}, Emp{id=1005, ename=‘李逵’, job_id=4, mgr=1006, joindate=2001-09-28, salary=12500.0, bonus=14000.0, dept_id=30}, Emp{id=1006, ename=‘宋江’, job_id=2, mgr=1009, joindate=2001-05-01, salary=28500.0, bonus=0.0, dept_id=30}, Emp{id=1007, ename=‘刘备’, job_id=2, mgr=1009, joindate=2001-09-01, salary=24500.0, bonus=0.0, dept_id=10}, Emp{id=1008, ename=‘猪八戒’, job_id=4, mgr=1004, joindate=2007-04-19, salary=30000.0, bonus=0.0, dept_id=20}, Emp{id=1009, ename=‘罗贯中’, job_id=1, mgr=0, joindate=2001-11-17, salary=50000.0, bonus=0.0, dept_id=10}, Emp{id=1010, ename=‘吴用’, job_id=3, mgr=1006, joindate=2001-09-08, salary=15000.0, bonus=0.0, dept_id=30}, Emp{id=1011, ename=‘沙僧’, job_id=4, mgr=1004, joindate=2007-05-23, salary=11000.0, bonus=0.0, dept_id=20}, Emp{id=1012, ename=‘李逵’, job_id=4, mgr=1006, joindate=2001-12-03, salary=9500.0, bonus=0.0, dept_id=30}, Emp{id=1013, ename=‘小白龙’, job_id=4, mgr=1004, joindate=2001-12-03, salary=30000.0, bonus=0.0, dept_id=20}, Emp{id=1014, ename=‘关羽’, job_id=4, mgr=1007, joindate=2002-01-23, salary=13000.0, bonus=0.0, dept_id=10}]
14

tip:在读取文件FileReader fr = new FileReader(path);之前,没有修改路径名的编码格式会发生乱码的现象,所以添加了:

		try {
     
     
               path = URLDecoder.decode(path, "UTF-8");
           } catch (UnsupportedEncodingException e) {
     
     
               e.printStackTrace();
           }

编码进行处理

练习:在db4中创建USER表包含用户的id,username,password,并尝试登陆

1. 创建USER数据库

USER数据库创建

2.修改配置文件信息

配置文件修改

3.JDBCUtils代码(未变)

4.测试类JDBCDemo09中测试方法login(有bug)——在3的基础上

package cn.itcast.jdbc;

import cn.itcast.util.JDBCUtils;

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Scanner;

/**
 * 登陆示例
 */
public class JDBCDemo09 {
    
    
    public static void main(String[] args) {
    
    
        Scanner sc = new Scanner(System.in);

        System.out.println("请输入用户名:");
        String username = sc.nextLine();

        System.out.println("请输入密码:");
        String password = sc.nextLine();

        boolean flag = new JDBCDemo09().login(username, password);
        if (flag) System.out.println("登陆成功");
        else System.out.println("用户名或密码错误");
    }

    /**
     * 登陆方法
     *
     * @param username:用户姓名
     * @param password:用户密码
     * @return:是否登陆成功
     */
    public boolean login(String username, String password) {
    
    
        if (username == null || password == null) return false;

        Connection conn = null;
        Statement st = null;
        ResultSet rs = null;

        try {
    
    
            conn = JDBCUtils.getConnection();
            //(select * from user where username = ')(username)(' and password = ')(password)(')
            String sql = "select * from user where username = '" + username + "' and password = '" + password + "'";
            st = conn.createStatement();
            rs = st.executeQuery(sql);
            return rs.next();

        } catch (SQLException throwables) {
    
    
            throwables.printStackTrace();
        } finally {
    
    
            JDBCUtils.close(conn, st, rs);
        }
        return false;
    }
}

运行结果1

请输入用户名:
rose
请输入密码:
456
登陆成功

运行结果2

请输入用户名:
rose
请输入密码:
123
用户名或密码错误

5.测试类JDBCDemo09中测试方法login(优化)——在3,4的基础上

tip:存在一定得问题
bug
当输入一个乱七八糟的用户名和a' or 'a' = 'a会显示登陆成功。

将sql语句还原:

select * from user where username = 'hcauibawbefujhb' and password = a' or 'a' = 'a'

存在恒等式'a' = 'a',所以会返回结果true

package cn.itcast.jdbc;

import cn.itcast.util.JDBCUtils;

import java.sql.*;
import java.util.Scanner;

/**
 * 登陆示例
 */
public class JDBCDemo09 {
    
    
    public static void main(String[] args) {
    
    
        Scanner sc = new Scanner(System.in);

        System.out.println("请输入用户名:");
        String username = sc.nextLine();

        System.out.println("请输入密码:");
        String password = sc.nextLine();

        boolean flag = new JDBCDemo09().login(username, password);
        if (flag) System.out.println("登陆成功");
        else System.out.println("用户名或密码错误");
    }

    /**
     * 登陆方法
     *
     * @param username:用户姓名
     * @param password:用户密码
     * @return:是否登陆成功
     */
    public boolean login(String username, String password) {
    
    
        if (username == null || password == null) return false;

        Connection conn = null;
        PreparedStatement pst=null;
        ResultSet rs = null;

        try {
    
    
            conn = JDBCUtils.getConnection();
            //(select * from user where username = ')(username)(' and password = ')(password)(')

            //使用普通的拼接
            //String sql = "select * from user where username = '" + username + "' and password = '" + password + "'";

            //使用预编译的sql
            String sql="select * from user where username=? and password=?";
            pst = conn.prepareStatement(sql);
            pst.setString(1,username);
            pst.setString(2,password);
            rs = pst.executeQuery();
            return rs.next();

        } catch (SQLException throwables) {
    
    
            throwables.printStackTrace();
        } finally {
    
    
            JDBCUtils.close(conn, pst, rs);
        }
        return false;
    }
}

运行结果

请输入用户名:
aoiwvhuw
请输入密码:
a’ or ‘a’ = 'a
用户名或密码错误

事务操作

数据库查看

account数据库

修改配置文件信息

配置文件信息修改

JDBCUtils代码(未变)

测试类JDBCDemo10中主方法)——在3的基础上

package cn.itcast.jdbc;

import cn.itcast.util.JDBCUtils;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

/**
 * 事务
 */
public class JDBCDemo10 {
    
    
    public static void main(String[] args) {
    
    
        Connection conn = null;
        PreparedStatement pst1 = null;
        PreparedStatement pst2 = null;
        try {
    
    
            conn = JDBCUtils.getConnection();

            String sql1 = "update account set balance = balance - ? where id = ?";
            String sql2 = "update account set balance = balance + ? where id = ?";

            pst1 = conn.prepareStatement(sql1);
            pst2 = conn.prepareStatement(sql2);

            pst1.setDouble(1,500);
            pst1.setInt(2,1);

            pst2.setDouble(1,500);
            pst2.setInt(2,2);

            pst1.executeUpdate();
            pst2.executeUpdate();

        } catch (SQLException e) {
    
    
            try {
    
    
                if(conn!=null)  conn.rollback();
            } catch (SQLException throwables) {
    
    
                throwables.printStackTrace();
            }
            e.printStackTrace();
        }finally {
    
    
            JDBCUtils.close(conn,pst1);
            JDBCUtils.close(null,pst2);
        }
    }
}

在没有添加异常时的操作,结果:
account数据库
在手动添加异常后的操作
手动添加异常
结果:

Exception in thread “main” java.lang.ArithmeticException: / by zero
at cn.itcast.jdbc.JDBCDemo10.main(JDBCDemo10.java:29)

account数据库
没有发生交易。

猜你喜欢

转载自blog.csdn.net/weixin_45966880/article/details/114412446