java 调用mysql的事务如何传入查询参数?
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了java 调用mysql的事务如何传入查询参数?相关的知识,希望对你有一定的参考价值。
Connection conn = null;
Statement stmt = null;
try
conn = this.getConnection();
stmt = conn.createStatement();
stmt.executeUpdate("SET AUTOCOMMIT=0;"); //设置为不自动提交
stmt.executeUpdate("START TRANSACTION;");//开始事务
for(int i = 0;i < sqlStr.length;i++)
stmt.addBatch(“insert into users values (?,?,?,?);
//这里该如何将查询参数传入?
问题解决了,还得自己研究
我把方法发一下,方便后来的学习者来学习
Connection con=DriverManager.getConnection(url,user,password);//创建连接,不解释
con.setAutoCommit(false);//设置自动提交的状态为false
//新建一个 PreparedStatement 对象
PreparedStatement psmt= con.prepareStatement("insert into contactslist values (?,?,?)");
for (Contact c : contacts)
//设置参数
psmt.setString(1, c.UserPhoneNumber);
psmt.setString(2, c.ContactPhoneNumber);
psmt.setString(3, c.getContactName());
psmt.addBatch();//添加批处理命令(这里添加完后上面的三个参数也一起被添加到批处理里了,所以下次添加批处理命令的时候还能从1开始添加参数)
try
pstm.executeBatch();//执行批处理
con.commit();//提交事务
catch
con.rollback();//失败回滚
finally(pstm.close();//最后记得关闭pstm)
Statement换成preparedStatement,就有相应的set方法了。
或者既然addBatch里面传入的是String类型,那我们自己构造,
stmt.addBatch(“insert into users values ("+"values1"+","+"values2"+");");
或者既然是users类,我们可以根据users中属性是否为初始值来自动生成inset语句,下面是我以前写的代码,仅供参考
注释:
1、下面的User.NAME等就是user中name属性在表中的列名
2、方法ConvertStr就是把插入的列的value加上单引号。
private static String ConvertStr(Object object)
return "'" + object.toString() + "'";
3、其他
public static final String strIns = "insert into users(";
public static final String strVal = ") values(";
public static final String strEnd = ");";
4、调用
stmt.addBatch(User.InsetStr(user));//这样就不用考虑传参了
代码如下:
String StrCol = "";
String Values = "";
if (user.getName() != null && !user.getName().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.NAME;
Values = Values + "," + ConvertStr(user.getName());
else
StrCol = StrCol + User.NAME;
Values = Values + ConvertStr(user.getName());
if (user.getNick() != null && !user.getNick().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.NICK;
Values = Values + "," + ConvertStr(user.getNick());
else
StrCol = StrCol + User.NICK;
Values = Values + ConvertStr(user.getNick());
if (user.getStudentid() != 0)
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.STUDENTID;
Values = Values + "," + ConvertStr(user.getStudentid());
else
StrCol = StrCol + User.STUDENTID;
Values = Values + ConvertStr(user.getStudentid());
if (user.getSex() != \'\\u0000\')
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.SEX;
Values = Values + "," + ConvertStr(user.getSex());
else
StrCol = StrCol + User.SEX;
Values = Values + ConvertStr(user.getSex());
if (user.getPassword() != null && !user.getPassword().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.PASSWORD;
Values = Values + "," + ConvertStr(user.getPassword());
else
StrCol = StrCol + User.PASSWORD;
Values = Values + ConvertStr(user.getPassword());
if (user.getHash() != null && !user.getHash().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.HASH;
Values = Values + "," + ConvertStr(user.getHash());
else
StrCol = StrCol + User.HASH;
Values = Values + ConvertStr(user.getHash());
if (user.getSchool() != null && !user.getSchool().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.SCHOOL;
Values = Values + "," + ConvertStr(user.getSchool());
else
StrCol = StrCol + User.SCHOOL;
Values = Values + ConvertStr(user.getSchool());
if (user.getMajor() != null && !user.getMajor().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.MAJOR;
Values = Values + "," + ConvertStr(user.getMajor());
else
StrCol = StrCol + User.MAJOR;
Values = Values + ConvertStr(user.getMajor());
if (user.getMobile() != 0)
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.MOBILE;
Values = Values + "," + ConvertStr(user.getMobile());
else
StrCol = StrCol + User.MOBILE;
Values = Values + ConvertStr(user.getMobile());
if (user.getCollege() != null && !user.getCollege().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.COLLEGE;
Values = Values + "," + ConvertStr(user.getCollege());
else
StrCol = StrCol + User.COLLEGE;
Values = Values + ConvertStr(user.getCollege());
if (user.getGrade() != 0)
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.GRADE;
Values = Values + "," + ConvertStr(user.getGrade());
else
StrCol = StrCol + User.GRADE;
Values = Values + ConvertStr(user.getGrade());
if (user.getBclass() != null && !user.getBclass().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.BCLASS;
Values = Values + "," + ConvertStr(user.getBclass());
else
StrCol = StrCol + User.BCLASS;
Values = Values + ConvertStr(user.getBclass());
if (user.getIdnum() != null && !user.getIdnum().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.IDNUM;
Values = Values + "," + ConvertStr(user.getIdnum());
else
StrCol = StrCol + User.IDNUM;
Values = Values + ConvertStr(user.getIdnum());
if (user.getEmail() != null && !user.getEmail().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.EMAIL;
Values = Values + "," + ConvertStr(user.getEmail());
else
StrCol = StrCol + User.EMAIL;
Values = Values + ConvertStr(user.getEmail());
if (user.getRegip() != null && !user.getRegip().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.REGIP;
Values = Values + "," + ConvertStr(user.getRegip());
else
StrCol = StrCol + User.REGIP;
Values = Values + ConvertStr(user.getRegip());
if (user.getRegdate() != 0)
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.REGDATE;
Values = Values + "," + ConvertStr(user.getRegdate());
else
StrCol = StrCol + User.REGDATE;
Values = Values + ConvertStr(user.getRegdate());
if (user.getUnit() != null && !user.getUnit().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.UNIT;
Values = Values + "," + ConvertStr(user.getUnit());
else
StrCol = StrCol + User.UNIT;
Values = Values + ConvertStr(user.getUnit());
if (user.getRegion() != null && !user.getRegion().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.REGION;
Values = Values + "," + ConvertStr(user.getRegion());
else
StrCol = StrCol + User.REGION;
Values = Values + ConvertStr(user.getRegion());
if (user.getDepartments() != null && !user.getDepartments().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.DEPARTMENTS;
Values = Values + "," + ConvertStr(user.getDepartments());
else
StrCol = StrCol + User.DEPARTMENTS;
Values = Values + ConvertStr(user.getDepartments());
if (user.getTdcj() > 0)
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.TDCJ;
Values = Values + "," + ConvertStr(user.getTdcj());
else
StrCol = StrCol + User.TDCJ;
Values = Values + ConvertStr(user.getTdcj());
if (user.getTzcj() > 0)
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.TZCJ;
Values = Values + "," + ConvertStr(user.getTzcj());
else
StrCol = StrCol + User.TZCJ;
Values = Values + ConvertStr(user.getTzcj());
if (user.getAddress() != null && !user.getAddress().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.ADDRESS;
Values = Values + "," + ConvertStr(user.getAddress());
else
StrCol = StrCol + User.ADDRESS;
Values = Values + ConvertStr(user.getAddress());
if (user.getPostcode() != 0)
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.POSTCODE;
Values = Values + "," + ConvertStr(user.getPostcode());
else
StrCol = StrCol + User.POSTCODE;
Values = Values + ConvertStr(user.getPostcode());
if (user.getBankcard() != 0)
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.BANKCARD;
Values = Values + "," + ConvertStr(user.getBankcard());
else
StrCol = StrCol + User.BANKCARD;
Values = Values + ConvertStr(user.getBankcard());
return Sql.strIns + StrCol + Sql.strVal + Values + Sql.strEnd;
追问
这个方法对于新手是很好,但是朋友,你知道什么是SQL注入式攻击么?
这样是有安全隐患的.
你就写一个过滤的方法吧
参考技术A 参数可以封装在一个javabean中,从javabean中取得参数,比如:stmt.setXxx(1, javaBean.getXxx());
stmt.setXxx(2, javaBean.getXxx());
stmt.setXxx(3, javaBean.getXxx());
stmt.setXxx(4, javaBean.getXxx());追问
stmt根本就没有setString之类的函数。回答问题不要这么不负责哦
参考技术B 直接在sql语句后边追加where 查询条件,这样就可以进行查询参数查询了 参考技术C 你是要查询还是插入???查询的话参数肯定通过方法参数传入
插入的话加事务也不是你这样加的啊
生成Statement之前调用以下代码,设置手动提交
conn.setAutoCommit(false);
所有SQL语句执行完成后conn.commit()提交整个事务,如果有异常rollback回滚事务. 参考技术D 使用有?号这样的SQL语句,需要使用的是PreparedStatement
不是Statement
使用方法如下,你参考一下。
---------------------------------------------------------------------------------
String sql = "insert into users values (?,?,?,?);";
PreparedStatement pst = conn.prepareStatement(sql);
pst.setObject(1, xxxx);
pst.setObject(2, yyy);
pst.setObject(3, zzz);
pst.setObject(4, nnnnn);
ResultSet rs = pst.executeQuery();追问
事务呢?有木有?不用事务这样写我也会。我问的不是这个
Jython 2.5.1:从 Java 调用到 __main__ - 如何传入命令行参数?
【中文标题】Jython 2.5.1:从 Java 调用到 __main__ - 如何传入命令行参数?【英文标题】:Jython 2.5.1: Calling From Java into __main__ - how to pass in command line args? 【发布时间】:2011-09-21 23:36:24 【问题描述】:我在 Java 中使用 Jython;所以我有一个类似于下面的 Java 设置:
String scriptname="com/blah/myscript.py"
PythonInterpreter interpreter = new PythonInterpreter(null, new PySystemState());
InputStream is = this.getClass().getClassLoader().getResourceAsStream(scriptname);
interpreter.execfile(is);
这将(例如)运行下面的脚本:
# myscript.py:
import sys
if __name__=="__main__":
print "hello"
print sys.argv
如何使用这种方法传入“命令行”参数? (我希望能够编写我的 Jython 脚本,以便我也可以在命令行上使用 'python script arg1 arg2' 运行它们)。
【问题讨论】:
【参考方案1】:我使用的是 Jython 2.5.2 和 runScript 不存在,所以我不得不用 execfile 替换它。除了这个区别之外,我还需要在创建PythonInterpreter 对象之前在状态对象中设置argv:
String scriptname = "myscript.py";
PySystemState state = new PySystemState();
state.argv.append (new PyString ("arg1"));
state.argv.append (new PyString ("arg2"));
PythonInterpreter interpreter = new PythonInterpreter(null, state);
InputStream is = Tester.class.getClassLoader().getResourceAsStream(scriptname);
interpreter.execfile (is);
状态对象中的argv列表最初的长度为1,其中包含一个空字符串,因此前面的代码导致输出:
hello
['', 'arg1', 'arg2']
如果您需要 argv[0] 成为实际的脚本名称,您需要像这样创建状态:
PySystemState state = new PySystemState();
state.argv.clear ();
state.argv.append (new PyString (scriptname));
state.argv.append (new PyString ("arg1"));
state.argv.append (new PyString ("arg2"));
那么输出是:
hello
['myscript.py', 'arg1', 'arg2']
【讨论】:
不错的一个 - 我只需要在我发布的 Jython 中检查一下(实际上是 2.5.1..不是 2.5 - 道歉);我会尽快标记为已接受。干杯 另外:'runScript' 是我的方法 - 我已将类包装在我的代码中 - 我已更正原始帖子以使用 'execfile' 是的,很好吃;注意到似乎有一个记录在案的方法来检索 systemState,但我的发行版上似乎没有:jython.org/javadoc/org/python/util/… - 感谢接受的答案。【参考方案2】:对于上述解决方案不起作用的人,请尝试以下方法。这适用于我的 jython 版本 2.7.0
String[] params = "get_AD_accounts.py","-server", "http://xxxxx:8080","-verbose", "-logLevel", "CRITICAL";
上面复制了下面的命令。即每个参数及其值是 params 数组中的单独元素。
jython get_AD_accounts.py -logLevel CRITICAL -server http://xxxxxx:8080 -verbose
PythonInterpreter.initialize(System.getProperties(), System.getProperties(), params);
PySystemState state = new PySystemState() ;
InputStream is = new FileInputStream("C:\\projectfolder\\get_AD_accounts.py");
PythonInterpreter interp = new PythonInterpreter(null, state);
PythonInterpreter interp = new PythonInterpreter(null, state);
interp.execfile(is);
【讨论】:
以上是关于java 调用mysql的事务如何传入查询参数?的主要内容,如果未能解决你的问题,请参考以下文章
SQL SERVER 存储过程中如何使用传入的DB参数,实现跨库查询?
python 新手请教,用java调用.py如何用java传入python参数,谢谢