## 执行sql语句的接口

接口 | 作用
---|---
Statement接口 | 用于执行静态的sql语句 |
PreparedStatement接口 | 用于执行预编译sql语句 |
CallableStatement接口 | 用于执行存储过程的sql语句(call xxx) |
## PreparedStatement Vs Statement

序号 | 不同 | 描述
---|---|---
1 | 语法不同 | PreparedStatement可以使用预编译的sql,而Statement只能使用静态的sql |
2 | 效率不同 | 同一条预编译sql可以被驱动/数据库缓存并重复执行(只需重新绑定参数,不必每次重新解析),效率比Statement高 |
3 | 安全性不同 | PreparedStatement通过`?`占位符把参数值与sql语句分离,参数值按值传递、不参与sql解析,可以有效防止sql注入;Statement只能拼接字符串,不能防止sql注入。注意:只有通过`setXxx`绑定的参数才受保护——如果先把外部输入拼进sql字符串再调用`prepareStatement`,同样会被注入;表名、列名、ORDER BY方向等结构性部分不能用`?`绑定,必须用白名单校验。 |
package com.rk.db.c_prepared;
import java.sql.Connection;
import java.sql.SQLException;
import java.sql.PreparedStatement;
import com.rk.db.utils.JDBCUtil;
public class Demo01
{
    /** Parameterised INSERT: both values are bound through {@code ?}, never concatenated. */
    private static final String INSERT_SQL =
            "INSERT INTO T_Persons(UserName,Pwd) VALUES(?,?)";

    /**
     * Inserts one fixed row into T_Persons with a PreparedStatement and prints
     * the number of affected rows.
     *
     * NOTE(review): the literal "987" is written straight into the Pwd column.
     * If Pwd really holds passwords, production code must store a salted hash
     * (bcrypt/scrypt/argon2), never the clear-text value shown in this demo.
     *
     * @param args ignored
     */
    public static void main(String[] args)
    {
        Connection connection = null;
        PreparedStatement statement = null;
        try
        {
            connection = JDBCUtil.getConnection();
            // Compile the statement first; the parameter values are sent separately.
            statement = connection.prepareStatement(INSERT_SQL);
            // JDBC parameter indexes are 1-based.
            statement.setString(1, "地球人");
            statement.setString(2, "987");
            int affected = statement.executeUpdate();
            System.out.println("影响了" + affected + "行!");
        }
        catch (SQLException e)
        {
            // Demo-only handling: a real application should log and propagate.
            e.printStackTrace();
        }
        finally
        {
            // Release the JDBC handles even when the update failed.
            JDBCUtil.close(connection, statement, null);
        }
    }
}
package com.rk.db.c_prepared;
import java.sql.Connection;
import java.sql.SQLException;
import java.sql.PreparedStatement;
import com.rk.db.utils.JDBCUtil;
public class Demo02
{
    /** Parameterised UPDATE: the two new values and the row id are all bound through {@code ?}. */
    private static final String UPDATE_SQL =
            "UPDATE T_Persons SET UserName=?, Pwd=? WHERE Id=?";

    /**
     * Updates the row with Id 5 in T_Persons with a PreparedStatement and prints
     * the number of affected rows.
     *
     * NOTE(review): "456" is written to the Pwd column as-is. If Pwd really
     * holds passwords, production code must store a salted hash instead of the
     * clear-text value used by this demo.
     *
     * @param args ignored
     */
    public static void main(String[] args)
    {
        Connection connection = null;
        PreparedStatement statement = null;
        try
        {
            connection = JDBCUtil.getConnection();
            // Compile the statement first; the parameter values are sent separately.
            statement = connection.prepareStatement(UPDATE_SQL);
            // JDBC parameter indexes are 1-based; the id is bound as an int, not a string.
            statement.setString(1, "火星人");
            statement.setString(2, "456");
            statement.setInt(3, 5);
            int affected = statement.executeUpdate();
            System.out.println("影响了" + affected + "行!");
        }
        catch (SQLException e)
        {
            // Demo-only handling: a real application should log and propagate.
            e.printStackTrace();
        }
        finally
        {
            // Release the JDBC handles even when the update failed.
            JDBCUtil.close(connection, statement, null);
        }
    }
}
package com.rk.db.c_prepared;
import java.sql.Connection;
import java.sql.SQLException;
import java.sql.PreparedStatement;
import com.rk.db.utils.JDBCUtil;
public class Demo03
{
    /** Parameterised DELETE: the row id is bound through {@code ?}. */
    private static final String DELETE_SQL = "DELETE FROM T_Persons WHERE Id=?";

    /**
     * Deletes the row with Id 5 from T_Persons with a PreparedStatement and
     * prints the number of affected rows.
     *
     * @param args ignored
     */
    public static void main(String[] args)
    {
        Connection connection = null;
        PreparedStatement statement = null;
        try
        {
            connection = JDBCUtil.getConnection();
            // Compile the statement first; the id is sent separately as an int.
            statement = connection.prepareStatement(DELETE_SQL);
            // JDBC parameter indexes are 1-based.
            statement.setInt(1, 5);
            int affected = statement.executeUpdate();
            System.out.println("影响了" + affected + "行!");
        }
        catch (SQLException e)
        {
            // Demo-only handling: a real application should log and propagate.
            e.printStackTrace();
        }
        finally
        {
            // Release the JDBC handles even when the delete failed.
            JDBCUtil.close(connection, statement, null);
        }
    }
}
package com.rk.db.c_prepared;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.PreparedStatement;
import com.rk.db.utils.JDBCUtil;
public class Demo04
{
    /** Query with no parameters; prepared here only to keep the same API as the other demos. */
    private static final String SELECT_SQL = "SELECT * FROM T_Persons";

    /**
     * Reads every row of T_Persons and prints Id, UserName and Pwd, tab-separated,
     * one row per line.
     *
     * NOTE(review): this prints the Pwd column of every row to stdout. If Pwd
     * really holds passwords, the column should be neither selected nor
     * printed; secrets must not end up in console output or logs.
     *
     * @param args ignored
     */
    public static void main(String[] args)
    {
        Connection connection = null;
        PreparedStatement statement = null;
        ResultSet results = null;
        try
        {
            connection = JDBCUtil.getConnection();
            statement = connection.prepareStatement(SELECT_SQL);
            results = statement.executeQuery();
            // Columns are read by name, so the SELECT's column order does not matter.
            while (results.next())
            {
                int id = results.getInt("Id");
                String userName = results.getString("UserName");
                String pwd = results.getString("Pwd");
                System.out.printf("%d\t%s\t%s%n", id, userName, pwd);
            }
        }
        catch (SQLException e)
        {
            // Demo-only handling: a real application should log and propagate.
            e.printStackTrace();
        }
        finally
        {
            // Close the result set, the statement and the connection together.
            JDBCUtil.close(connection, statement, results);
        }
    }
}