标签:cut 数据库查询 rman nbsp string 127.0.0.1 ace cte from
两种方法:
public static void main(String[] args) throws Exception{ //输入账号密码 Scanner sc = new Scanner(System.in); System.out.println("账号:"); String zh = sc.next(); System.out.println("密码:"); String mm = sc.next(); //连接到数据库 zh = zh.replace(‘\‘‘, ‘\"‘);//防止有注入错误 Class.forName("com.mysql.jdbc.Driver"); Connection conn=DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/mydb","root",""); Statement sta = conn.createStatement(); String sql = "select * from xs where zhanghao=‘"+zh+"‘ and mima=‘"+mm+"‘";//拼接进去但是会有注入错误 ResultSet rs = sta.executeQuery(sql); //查询语句 //输出 if(rs.next()){ //sr.next==true 账号密码输入的符合时 System.out.println(rs.getString(3)+"登入成功"); } else{ //输入的不符合时 System.out.println("账号或者密码输入不正确"); } conn.close(); }
public static void main(String[] args) throws Exception { //输入账号密码 Scanner sc = new Scanner(System.in); System.out.println("账号:"); String zh = sc.next(); System.out.println("密码:"); String mm = sc.next(); //数据库查询账号密码是否正确 Class.forName("com.mysql.jdbc.Driver"); Connection conn = DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/mydb", "root", "");
String sql = "select * from xs where zhanghao=? and mima=?;"; PreparedStatement sta = conn.prepareStatement(sql);//直接用prepareStatement语句,sql语句可以写在里面; sta.setString(1, zh);//第一个?的内容 sta.setString(2, mm);//第二个?的内容 ResultSet rs = sta.executeQuery();//查询语句上面写过sql语句,这里不能写。 //输出 if(rs.next()){ //sr.next==true 账号密码输入的符合时 System.out.println(rs.getString(3)+"登入成功"); } else{ //输入的不符合时 System.out.println("账号或者密码输入不正确"); } conn.close(); }
最后的结果也都是一样的
使用prepareStatement语句,往数据库里添加。好处是不受特殊字符的影响。
public static void main2(String[] args) throws Exception{ Scanner sc = new Scanner(System.in); System.out.println("账号:"); String zh = sc.nextLine(); System.out.println("密码:"); String mm = sc.nextLine(); System.out.println("名称:"); String xm = sc.nextLine(); Class.forName("com.mysql.jdbc.Driver"); Connection conn = DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/mydb?characterEncoding=GBK","root","");
String sql = "insert into xs values(?,?,?)"; PreparedStatement pre = conn.prepareStatement(sql); pre.setString(1, zh); pre.setString(2, mm); pre.setString(3, xm); pre.executeUpdate(); conn.close(); }
执行:
添加进数据库里了
标签:cut 数据库查询 rman nbsp string 127.0.0.1 ace cte from
原文地址:http://www.cnblogs.com/hq233/p/6250144.html
