## JDBC小结2
package com.kang;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.sql.Statement;
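/**
 * Demonstrates {@link ResultSetMetaData}: prints the column count of a query result and,
 * for column 1, its name, its label (alias), its JDBC type code and its database type name.
 */
public class JDBC2 {
    /**
     * Runs an aliased query against the local {@code jdbc1} database and prints the
     * metadata of the first result column.
     *
     * @param args unused
     * @throws ClassNotFoundException if the MySQL driver class is not on the classpath
     * @throws SQLException if connecting, querying or reading the metadata fails
     */
    public static void main(String[] args) throws ClassNotFoundException, SQLException {
        Class.forName("com.mysql.cj.jdbc.Driver");
        // NOTE(review): demo-only URL. It embeds the root account and its password in source;
        // outside a local tutorial, load credentials from configuration and connect as a
        // least-privileged database user.
        String url = "jdbc:mysql://localhost:3306/jdbc1?user=root&password=123456&characterEncoding=UTF8&serverTimezone=UTC";
        String sql = "select name as'姓名' from student";

        // Open exactly one connection: every getConnection call creates a new one that must
        // be closed. try-with-resources closes in reverse declaration order
        // (ResultSet -> Statement -> Connection), also when an exception is thrown.
        try (Connection conn = DriverManager.getConnection(url);
                Statement stmt = conn.createStatement();
                ResultSet rs = stmt.executeQuery(sql)) {
            ResultSetMetaData metaData = rs.getMetaData();

            // Number of columns in the result set
            int colCount = metaData.getColumnCount();
            System.out.println("colCount = " + colCount);

            // Field name of the column at the given 1-based index
            String colName = metaData.getColumnName(1);
            System.out.println("colName = " + colName);

            // Alias of the column at the given index; the field name when no alias was given
            String colLable = metaData.getColumnLabel(1);
            System.out.println("colLable = " + colLable);

            // Data type of the column as an int code (the constants live in java.sql.Types)
            int type = metaData.getColumnType(1);
            System.out.println("type = " + type);

            // Database-specific name of the column's data type
            String strType = metaData.getColumnTypeName(1);
            System.out.println("strType = " + strType);
        }
    }
}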
获取该条记录中每一列的值
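/**
 * Prints every column value of every row returned by {@code select * from student}.
 *
 * @param args unused
 * @throws ClassNotFoundException if the MySQL driver class is not on the classpath
 * @throws SQLException if connecting, querying or reading a row fails
 */
public static void main(String[] args) throws ClassNotFoundException, SQLException {
    Class.forName("com.mysql.cj.jdbc.Driver");
    // NOTE(review): demo-only URL. It embeds the root account and its password in source;
    // outside a local tutorial, load credentials from configuration and connect as a
    // least-privileged database user.
    String url = "jdbc:mysql://localhost:3306/jdbc1?user=root&password=123456&characterEncoding=UTF8&serverTimezone=UTC";
    String sql = "select * from student";

    // Release resources from the innermost outwards (ResultSet -> Statement -> Connection).
    // try-with-resources does this in reverse declaration order and also runs when an
    // exception is thrown, so no manual isClosed()/close() sequence is needed. Only one
    // connection is opened: each getConnection call creates a new one that must be closed.
    try (Connection conn = DriverManager.getConnection(url);
            Statement stmt = conn.createStatement();
            ResultSet rs = stmt.executeQuery(sql)) {
        ResultSetMetaData metaData = rs.getMetaData();
        int count = metaData.getColumnCount();
        while (rs.next()) {
            // Read the value of every column of the current row (JDBC columns are 1-based)
            for (int i = 1; i <= count; i++) {
                Object value = rs.getObject(i);
                System.out.println("value = " + value);
            }
        }
    }
}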
// Variant of the row loop: collect each row as a map keyed by column label.
// Uses rs, metaData and count from the surrounding snippet and must run while rs is still open.
List<HashMap<String,Object>> list = new ArrayList<>();
while (rs.next()) {
    HashMap<String,Object> row = new HashMap<>();
    // Copy every column of the current row into the map (JDBC columns are 1-based)
    for (int col = 1; col <= count; col++) {
        row.put(metaData.getColumnLabel(col), rs.getObject(col));
    }
    list.add(row);
}
### SQL注入
SQL注入:在向SQL语句传递参数时,通过参数的内容来改变原有SQL语句的结构。
防止SQL注入:外部传递进来的所有内容,都看作是值,而不是SQL语句的一部分。做法是用 PreparedStatement 的 ? 占位符绑定参数,而不是把参数拼接进SQL字符串;占位符只能绑定值,表名、列名等标识符不能用它传入,需要另行用白名单校验。
package com.kang;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
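/**
 * Demonstrates a parameterized query with {@link PreparedStatement} as the defence
 * against SQL injection.
 */
public class JDBC3 {
    /**
     * Prepares {@code select * from student where id=?}, binds the id as a value and
     * executes the query, printing the statement before and after binding.
     *
     * @param args unused
     * @throws ClassNotFoundException if the MySQL driver class is not on the classpath
     * @throws SQLException if connecting, preparing, binding or executing fails
     */
    public static void main(String[] args) throws ClassNotFoundException, SQLException {
        // SQL injection: a parameter passed into a SQL statement changes the structure of
        // the original statement.
        // Prevention: everything that comes from outside is treated as a value, never as
        // part of the SQL text.
        Class.forName("com.mysql.cj.jdbc.Driver");
        // NOTE(review): demo-only URL. It embeds the root account and its password in source;
        // outside a local tutorial, load credentials from configuration and connect as a
        // least-privileged database user.
        String url = "jdbc:mysql://localhost:3306/jdbc1?user=root&password=123456&characterEncoding=UTF8&serverTimezone=UTC";
        // Whatever is later bound to the ? placeholder, it cannot alter this SQL structure.
        // Placeholders stand for values only, not for table or column names.
        String sql = "select * from student where id=?";

        // try-with-resources closes the statement and the connection even on failure.
        try (Connection conn = DriverManager.getConnection(url);
                // Preparing hands the SQL text over before any value is bound.
                // NOTE(review): whether the syntax is checked at this point depends on the
                // driver settings (Connector/J prepares client-side unless
                // useServerPrepStmts=true) — confirm for the deployment.
                PreparedStatement ps = conn.prepareStatement(sql)) {
            // Printed before and after binding for comparison; the output format is driver-specific.
            System.out.println(ps);
            // Bind the placeholder: the first argument is the 1-based position of the ?,
            // the second is the value assigned to it.
            ps.setInt(1, 1);
            System.out.println(ps);
            // The rows are not read in this example; the ResultSet is only opened and closed.
            try (ResultSet rs = ps.executeQuery()) {
            }
        }
    }
}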