接口 | 作用 |
---|---|
Statement接口 | 用于执行静态的sql语句 |
PreparedStatement接口 | 用于执行预编译sql语句 |
CallableStatement接口 | 用于执行存储过程的sql语句(call xxx) |
序号 | 不同 | 描述 |
---|---|---|
1 | 语法不同 | PreparedStatement可以使用预编译的sql,而Statement只能使用静态的sql |
2 | 效率不同 | PreparedStatement可以使用sql缓存区,效率比Statement高 |
3 | 安全性不同 | PreparedStatement可以有效防止sql注入,而Statement不能防止sql注入。 |
# Connection settings read once by JDBCUtil's static initializer (classpath resource db.properties).
# NOTE(review): user/password are stored here in plaintext; keep this file out of shared
# repositories and out of build artifacts that leave the team.
url=jdbc:mysql://localhost:3306/testdb
user=root
password=root
driverClass=com.mysql.jdbc.Driver
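package com.rk.db.utils;

import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * JDBC helper: reads the connection settings from {@code db.properties} on the
 * classpath exactly once, registers the driver, and hands out connections.
 *
 * <p>NOTE(review): {@code db.properties} carries the database user and password in
 * plaintext. Keep it out of shared repositories and, outside a demo, prefer supplying
 * these values from the environment or a secret store.
 *
 * @author RK
 */
public class JDBCUtil {
    private static final String url;
    private static final String user;
    private static final String password;
    private static final String driverClass;

    /**
     * Static initializer: runs once when the class is loaded. Any failure is rethrown
     * as a RuntimeException, which the JVM surfaces as ExceptionInInitializerError.
     */
    static {
        // try-with-resources closes the stream; the original version never closed it.
        try (InputStream inStream =
                 JDBCUtil.class.getClassLoader().getResourceAsStream("db.properties")) {
            // getResourceAsStream returns null when the file is absent; without this check
            // Properties.load would throw an uncaught NullPointerException instead of the
            // IOException path below.
            if (inStream == null) {
                throw new IOException("db.properties not found on the classpath");
            }
            Properties props = new Properties();
            props.load(inStream);
            url = props.getProperty("url");
            user = props.getProperty("user");
            password = props.getProperty("password");
            driverClass = props.getProperty("driverClass");
            // Class.forName(null) throws NullPointerException; report a missing key as a
            // registration failure so it lands in the matching catch block.
            if (driverClass == null) {
                throw new ClassNotFoundException("driverClass is not set in db.properties");
            }
            // Loading the driver class registers it with DriverManager.
            Class.forName(driverClass);
        } catch (IOException e) {
            System.out.println("读取数据库配置文件出错");
            throw new RuntimeException(e);
        } catch (ClassNotFoundException e) {
            System.out.println("数据库驱程程序注册出错");
            throw new RuntimeException(e);
        }
    }

    /**
     * Opens a new database connection with the configured url/user/password.
     *
     * @return a fresh {@link Connection}; the caller owns it and must close it
     * @throws RuntimeException wrapping the {@link SQLException} when the connection fails
     */
    public static Connection getConnection() {
        try {
            return DriverManager.getConnection(url, user, password);
        } catch (SQLException e) {
            System.out.println("获取数据库连接出错");
            throw new RuntimeException(e);
        }
    }

    /**
     * Closes ResultSet, Statement and Connection, in that order, ignoring nulls.
     *
     * @param conn the database connection (may be null)
     * @param stmt the statement used to run SQL (may be null)
     * @param rs   the result set (may be null)
     */
    public static void close(Connection conn, Statement stmt, ResultSet rs) {
        // Innermost resource first so a failing close never leaves an outer one open.
        closeQuietly(rs);
        closeQuietly(stmt);
        closeQuietly(conn);
    }

    /**
     * Closes a resource without propagating any exception.
     *
     * @param ac any {@link AutoCloseable}; null is ignored
     */
    public static void closeQuietly(AutoCloseable ac) {
        if (ac != null) {
            try {
                ac.close();
            } catch (Exception e) {
                // Best-effort cleanup: the failure is reported but deliberately not rethrown.
                e.printStackTrace();
            }
        }
    }
}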
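package com.rk.db.c_prepared;

import java.sql.Connection;
import java.sql.SQLException;
import java.sql.PreparedStatement;
import com.rk.db.utils.JDBCUtil;

/**
 * Inserts one row into T_Persons using a parameterised {@link PreparedStatement}.
 *
 * <p>Values are bound through {@code setString}, never concatenated into the SQL text,
 * so a value cannot alter the structure of the statement.
 *
 * @author RK
 */
public class Demo01 {
    public static void main(String[] args) {
        // 1. SQL with placeholders; the driver compiles it before any value is bound.
        String sql = "INSERT INTO T_Persons(UserName,Pwd) VALUES(?,?)";
        // 2. try-with-resources closes the statement, then the connection, replacing the
        //    nullable locals and the manual finally/JDBCUtil.close(...) of the original.
        try (Connection conn = JDBCUtil.getConnection();
             PreparedStatement pstmt = conn.prepareStatement(sql)) {
            // 3. Bind parameter values; JDBC parameter indexes start at 1.
            pstmt.setString(1, "地球人");
            // NOTE(review): Pwd is written as a plaintext value in this demo; a real
            // application would store a password hash (bcrypt/scrypt/argon2) instead.
            pstmt.setString(2, "987");
            // 4. Send the bound values and execute.
            int count = pstmt.executeUpdate();
            System.out.println("影响了"+count+"行!");
        } catch (SQLException e) {
            // A failing close() of either resource also lands here.
            e.printStackTrace();
        }
    }
}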
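package com.rk.db.c_prepared;

import java.sql.Connection;
import java.sql.SQLException;
import java.sql.PreparedStatement;
import com.rk.db.utils.JDBCUtil;

/**
 * Updates one T_Persons row (selected by Id) using a parameterised
 * {@link PreparedStatement}.
 *
 * <p>All three values are bound as parameters, so none of them is ever spliced into
 * the SQL text.
 *
 * @author RK
 */
public class Demo02 {
    public static void main(String[] args) {
        // 1. SQL with placeholders; compiled by the driver before values are bound.
        String sql = "UPDATE T_Persons SET UserName=?, Pwd=? WHERE Id=?";
        // 2. try-with-resources closes the statement, then the connection, replacing the
        //    nullable locals and the manual finally/JDBCUtil.close(...) of the original.
        try (Connection conn = JDBCUtil.getConnection();
             PreparedStatement pstmt = conn.prepareStatement(sql)) {
            // 3. Bind parameter values; JDBC parameter indexes start at 1.
            pstmt.setString(1, "火星人");
            // NOTE(review): Pwd is written as a plaintext value in this demo; a real
            // application would store a password hash instead.
            pstmt.setString(2, "456");
            pstmt.setInt(3, 5);
            // 4. Send the bound values and execute.
            int count = pstmt.executeUpdate();
            System.out.println("影响了"+count+"行!");
        } catch (SQLException e) {
            // A failing close() of either resource also lands here.
            e.printStackTrace();
        }
    }
}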
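package com.rk.db.c_prepared;

import java.sql.Connection;
import java.sql.SQLException;
import java.sql.PreparedStatement;
import com.rk.db.utils.JDBCUtil;

/**
 * Deletes one T_Persons row (selected by Id) using a parameterised
 * {@link PreparedStatement}.
 *
 * @author RK
 */
public class Demo03 {
    public static void main(String[] args) {
        // 1. SQL with a placeholder; the Id is bound, never concatenated in.
        String sql = "DELETE FROM T_Persons WHERE Id=?";
        // 2. try-with-resources closes the statement, then the connection, replacing the
        //    nullable locals and the manual finally/JDBCUtil.close(...) of the original.
        try (Connection conn = JDBCUtil.getConnection();
             PreparedStatement pstmt = conn.prepareStatement(sql)) {
            // 3. Bind the parameter value; JDBC parameter indexes start at 1.
            pstmt.setInt(1, 5);
            // 4. Send the bound value and execute.
            int count = pstmt.executeUpdate();
            System.out.println("影响了"+count+"行!");
        } catch (SQLException e) {
            // A failing close() of either resource also lands here.
            e.printStackTrace();
        }
    }
}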
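package com.rk.db.c_prepared;

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.PreparedStatement;
import com.rk.db.utils.JDBCUtil;

/**
 * Reads every T_Persons row through a {@link PreparedStatement} and prints it.
 *
 * @author RK
 */
public class Demo04 {
    public static void main(String[] args) {
        // 1. Static SQL with no parameters; prepared so the demo mirrors Demo01-03.
        String sql = "SELECT * FROM T_Persons";
        // 2. try-with-resources closes result set, statement and connection in reverse
        //    declaration order, replacing the nullable locals and the manual
        //    finally/JDBCUtil.close(...) of the original.
        try (Connection conn = JDBCUtil.getConnection();
             PreparedStatement pstmt = conn.prepareStatement(sql);
             ResultSet rs = pstmt.executeQuery()) {
            // 3. Walk the result set; rs.next() returns false once the rows are exhausted.
            while (rs.next()) {
                int id = rs.getInt("Id");
                String userName = rs.getString("UserName");
                // NOTE(review): the Pwd column is echoed to stdout below; outside a demo a
                // credential column should not be selected or printed at all.
                String pwd = rs.getString("Pwd");
                System.out.println(id + "\t" + userName + "\t" + pwd);
            }
        } catch (SQLException e) {
            // A failing close() of any resource also lands here.
            e.printStackTrace();
        }
    }
}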
JDBC系列:(3)使用PreparedStatement执行sql语句
原文地址:http://lsieun.blog.51cto.com/9210464/1772405