Common JDBC Methods

1. Preventing SQL injection

When writing SQL statements, it is tempting to build them by concatenating strings for convenience, but this leaves the query open to SQL injection. The solution is simple: write the statement with ? placeholders and execute it through a PreparedStatement.

// Get a database connection
Connection connection = DBUtils.getConnection();
// When writing the SQL statement, use ? in place of the variables
String sql = "select * from user where username=? and password=?";
// Precompile with a PreparedStatement instead of using the plain Statement object
PreparedStatement preparedStatement = connection.prepareStatement(sql);
// After precompilation, bind the values for the ? placeholders
preparedStatement.setString(1, "csdn");
preparedStatement.setString(2, "csdn123");
ResultSet resultSet = preparedStatement.executeQuery();
while (resultSet.next()) {
    System.out.println(resultSet.getString(1));
}
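The difference between the two approaches, as an added example that is not part of the original post: the same login check written with string concatenation and with a PreparedStatement, run against the same input. It assumes the sqlite-jdbc driver is on the classpath and uses a constructed in-memory `user` table in place of the post's `DBUtils.getConnection()`; the class and method names are hypothetical.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class LoginDemo {
    // Vulnerable form: user input becomes part of the SQL text itself.
    static boolean loginConcatenated(Connection c, String user, String pass) throws SQLException {
        String sql = "select * from user where username='" + user + "' and password='" + pass + "'";
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return rs.next();
        }
    }

    // Parameterized form: the SQL text is fixed; input is bound as a value only.
    static boolean loginPrepared(Connection c, String user, String pass) throws SQLException {
        String sql = "select * from user where username=? and password=?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, user);
            ps.setString(2, pass);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: sqlite-jdbc on the classpath; any JDBC URL behaves the same way.
        try (Connection c = DriverManager.getConnection("jdbc:sqlite::memory:")) {
            try (Statement st = c.createStatement()) {
                // Constructed sample data matching the post's column layout.
                st.executeUpdate("create table user(id integer primary key autoincrement, username text, password text)");
                st.executeUpdate("insert into user values(null,'csdn','csdn123')");
            }
            // Constructed input: a wrong password whose quotes change the concatenated query.
            String crafted = "x' or '1'='1";
            System.out.println("concatenated, wrong password: " + loginConcatenated(c, "csdn", crafted));
            System.out.println("prepared, wrong password:     " + loginPrepared(c, "csdn", crafted));
            System.out.println("prepared, right password:     " + loginPrepared(c, "csdn", "csdn123"));
        }
    }
}
```

Placeholders can only stand in for values; table or column names that vary at run time cannot be bound this way and have to be checked against a fixed list instead.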

2. SQL batch operations

Executing several SQL statements as a batch is just as simple: both the Statement object and the PreparedStatement object provide batch methods, and they are in fact the same methods.

Connection connection = DBUtils.getConnection();
// Create the SQL execution object
Statement statement = connection.createStatement();
String sql1 = "xxxxxxxxxxxxxxx";
String sql2 = "xxxxxxxxxxxxxxx";
String sql3 = "xxxxxxxxxxxxxxx";
// Add the SQL statements to be executed to the batch
statement.addBatch(sql1);
statement.addBatch(sql2);
statement.addBatch(sql3);
// Execute
statement.executeBatch();

3. Getting the auto-increment primary key after an insert

Executing with a Statement object

Connection connection = DBUtils.getConnection();
String sql = "insert into user values(null,\"csdn\",\"csdn123\")";
Statement statement = connection.createStatement();
// Pass the Statement constant when executing; as its name says, it returns the auto-increment primary key
statement.executeUpdate(sql, Statement.RETURN_GENERATED_KEYS);
// Get the returned auto-increment primary key
ResultSet rs = statement.getGeneratedKeys();
// Read the primary key
while (rs.next()) {
    System.out.println(rs.getInt(1));
}

Executing with a PreparedStatement object

Connection connection = DBUtils.getConnection();
String sql = "insert into user values(null,?,?)";
// Get the precompiled execution object, passing the Statement constant as a parameter here
PreparedStatement preparedStatement = connection.prepareStatement(sql, Statement.RETURN_GENERATED_KEYS);
preparedStatement.setString(1, "csdn");
preparedStatement.setString(2, "csdn123");
// Execute the SQL operation
preparedStatement.executeUpdate();
// Get the returned primary key value
ResultSet rs = preparedStatement.getGeneratedKeys();
// Iterate and read it
while (rs.next()) {
    System.out.println(rs.getInt(1));
}

4. Metadata

Database metadata

Connection connection = DBUtils.getConnection();
// Get the database metadata object
DatabaseMetaData databaseMetaData = connection.getMetaData();
// Get the database product name
databaseMetaData.getDatabaseProductName();
// Get the database driver version
databaseMetaData.getDriverVersion();
// Get the database user name
databaseMetaData.getUserName();

Table metadata

Connection connection = DBUtils.getConnection();
String sql = "select * from user";
Statement statement = connection.createStatement();
ResultSet resultSet = statement.executeQuery(sql);
// Get the table metadata object
ResultSetMetaData resultSetMetaData = resultSet.getMetaData();
// Get the number of fields in the table
int count = resultSetMetaData.getColumnCount();
// Note that the index starts at 1
for (int i = 1; i <= count; i++) {
    // Get the name of the i-th field, i.e. the column name
    resultSetMetaData.getColumnName(i);
    // Get the type of the i-th field
    resultSetMetaData.getColumnTypeName(i);
}

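These are basically the common JDBC operations; if you need anything else, you can look it up on the official site. If this helped you, give it a like.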

Original: https://blog.csdn.net/weixin_45056780/article/details/104792772
Author: 世代农民
Title: JDBC的常用方法

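Original articles are protected by copyright. When reposting, please credit the source: https://www.johngo689.com/6121/

Reposted articles are protected by the original author's copyright. When reposting, please credit the original author!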
