JDBCPreparedStatement

Posted 2021-01-12 MrChengs

PreparedStatement：

是一个预编译对象

是Statement的子接口

允许数据库预编译SQL

执行SQL的时候，无需重新传入SQL语句，它们已经编译SQL语句

执行SQL语句 ：executeQuery（）或execute Update（） 注意：不要在传入SQL语句

可以有效地防止SQL注入

 

 方法：

 ->setXxxx(int index,Xxx value):传入参数值。

连接/关闭方法

public Connection getConnection() throws Exception {

        String driver = "com.mysql.jdbc.Driver";
        String url = "jdbc:mysql://localhost:3307/shijian";
        String user = "root";
        String password = "1234";
        Class.forName(driver);
        Connection connection = DriverManager.getConnection(url, user, password);
        return connection;
        //System.out.println(connection);
    }
    //关闭
    public  void Close(ResultSet rs, Statement statement, Connection conn) {
        if (rs != null) {
            try {
                rs.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        if (statement != null) {
            try {
                statement.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        if (conn != null) {
            try {
                conn.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }

 

    @Test
    public void testPreparedStatementjdbc(){
        
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        
        try {
            connection = getConnection();
            String sql = "insert into student(sname,sclass) values(?,?)";
            preparedStatement = (PreparedStatement) connection.prepareStatement(sql);

            preparedStatement.setString(1, "lisi");
            preparedStatement.setInt(2, 123456);
            
            //不要传入SQL语句
            preparedStatement.executeUpdate();
        } catch (Exception e) {
            e.printStackTrace();
        }finally {
            Close(null, preparedStatement, connection);
        }
        
    }

 

 

 

 

ResultSetMetaData
是描述ResuleSet的元数据对象，即从中得到有多少列，列明是什么

得到ResultSetMetaData  对象：调用ResultSet 的 getMetaData（）方法

ResultSetMetaData的好方法
-->int getColumnLabel(int column) 获取指定的列名，缩影从1开始
-->String getColumnCount() SQL语句有哪些列

    @Test
    public void testResultMeteData(){
        Connection connection = null;
        PreparedStatement statement  =null;
        ResultSet resuleset = null;
        try {
            String sql = "select * from student where id = ?";
            connection = testGetConnection();
            statement = (PreparedStatement) connection.prepareStatement(sql);
            statement.setInt(1, 2);
            resuleset = statement.executeQuery();
            //1.得到ResultSetMetaData对象
            ResultSetMetaData rsmd = (ResultSetMetaData) resuleset.getMetaData();
            //2.打印每一列的列名
            Map<String,Object> values = new HashMap<String,Object>();
            while(resuleset.next()){
                for(int i = 0; i < rsmd.getColumnCount();i++){
                    String c = rsmd.getColumnLabel(i +1);
                    Object ovalue = resuleset.getObject(c);
                    //System.out.println(c + "--" + ovalue);
                    values.put(c, ovalue); 
            }
            Class clazz = Student.class;
            Object object = clazz.newInstance();
            for(Map.Entry<String, Object> entry: values.entrySet()){
                String sid = entry.getKey();
                String sname = (String) entry.getValue();
                System.out.println( sid + "--" + sname);
            }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }finally {
            Close(resuleset, statement, connection);
        }
    }