java如何把数据从数据库传入浏览器

Posted 2023-04-07

参考技术A 比如有张表
create
table
aa(
id
number(5),
name
varchar(20),
address
varchar2(50)
);
向其中加入一条数据是:
只插入2个字段
sql语句是:
insert
into
aa
(id,name)
values(123,'happy');
插入所有字段
insert
into
aa
values
(234,'sad','chengdu');
即可 参考技术B 有客户端发出请求，到达某个servlet。这个servlet定位其中的方法，方法调用DAO或service去数据库去数据经过封装后，（封装成对象，集合等等），通过request请求转发或者直接放到session中，在页面中就可以直接用requset.XX或session.XX调用了，可以取对象属性值或遍历集合形成列表。

java 调用mysql的事务如何传入查询参数？

Connection conn = null;
Statement stmt = null;
try
conn = this.getConnection();
stmt = conn.createStatement();
stmt.executeUpdate("SET AUTOCOMMIT=0;"); //设置为不自动提交
stmt.executeUpdate("START TRANSACTION;");//开始事务
for(int i = 0;i < sqlStr.length;i++)
stmt.addBatch(“insert into users values (?,?,?,?);
//这里该如何将查询参数传入？


问题解决了，还得自己研究
我把方法发一下，方便后来的学习者来学习
Connection con=DriverManager.getConnection(url,user,password);//创建连接，不解释
con.setAutoCommit(false);//设置自动提交的状态为false
//新建一个 PreparedStatement 对象
PreparedStatement psmt= con.prepareStatement("insert into contactslist values (?,?,?)");

for (Contact c : contacts)
//设置参数
psmt.setString(1, c.UserPhoneNumber);
psmt.setString(2, c.ContactPhoneNumber);
psmt.setString(3, c.getContactName());
psmt.addBatch();//添加批处理命令（这里添加完后上面的三个参数也一起被添加到批处理里了，所以下次添加批处理命令的时候还能从1开始添加参数）

try
pstm.executeBatch();//执行批处理
con.commit();//提交事务

catch

con.rollback();//失败回滚

finally(pstm.close();//最后记得关闭pstm)

Statement换成preparedStatement，就有相应的set方法了。

或者既然addBatch里面传入的是String类型，那我们自己构造，

stmt.addBatch(“insert into users values ("+"values1"+","+"values2"+");");

或者既然是users类，我们可以根据users中属性是否为初始值来自动生成inset语句，下面是我以前写的代码，仅供参考

注释：

1、下面的User.NAME等就是user中name属性在表中的列名

2、方法ConvertStr就是把插入的列的value加上单引号。

    private static String ConvertStr(Object object) 

        return "'" + object.toString() + "'";

   

3、其他

    public static final String strIns = "insert into users(";

    public static final String strVal = ") values(";

    public static final String strEnd = ");";

4、调用

stmt.addBatch(User.InsetStr(user));//这样就不用考虑传参了

代码如下：

public static String InsetStr(User user)
String StrCol = "";
String Values = "";
if (user.getName() != null && !user.getName().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.NAME;
Values = Values + "," + ConvertStr(user.getName());
else
StrCol = StrCol + User.NAME;
Values = Values + ConvertStr(user.getName());


if (user.getNick() != null && !user.getNick().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.NICK;
Values = Values + "," + ConvertStr(user.getNick());
else
StrCol = StrCol + User.NICK;
Values = Values + ConvertStr(user.getNick());


if (user.getStudentid() != 0)
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.STUDENTID;
Values = Values + "," + ConvertStr(user.getStudentid());
else
StrCol = StrCol + User.STUDENTID;
Values = Values + ConvertStr(user.getStudentid());


if (user.getSex() != \'\\u0000\')
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.SEX;
Values = Values + "," + ConvertStr(user.getSex());
else
StrCol = StrCol + User.SEX;
Values = Values + ConvertStr(user.getSex());


if (user.getPassword() != null && !user.getPassword().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.PASSWORD;
Values = Values + "," + ConvertStr(user.getPassword());
else
StrCol = StrCol + User.PASSWORD;
Values = Values + ConvertStr(user.getPassword());


if (user.getHash() != null && !user.getHash().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.HASH;
Values = Values + "," + ConvertStr(user.getHash());
else
StrCol = StrCol + User.HASH;
Values = Values + ConvertStr(user.getHash());


if (user.getSchool() != null && !user.getSchool().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.SCHOOL;
Values = Values + "," + ConvertStr(user.getSchool());
else
StrCol = StrCol + User.SCHOOL;
Values = Values + ConvertStr(user.getSchool());


if (user.getMajor() != null && !user.getMajor().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.MAJOR;
Values = Values + "," + ConvertStr(user.getMajor());
else
StrCol = StrCol + User.MAJOR;
Values = Values + ConvertStr(user.getMajor());


if (user.getMobile() != 0)
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.MOBILE;
Values = Values + "," + ConvertStr(user.getMobile());
else
StrCol = StrCol + User.MOBILE;
Values = Values + ConvertStr(user.getMobile());


if (user.getCollege() != null && !user.getCollege().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.COLLEGE;
Values = Values + "," + ConvertStr(user.getCollege());
else
StrCol = StrCol + User.COLLEGE;
Values = Values + ConvertStr(user.getCollege());


if (user.getGrade() != 0)
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.GRADE;
Values = Values + "," + ConvertStr(user.getGrade());
else
StrCol = StrCol + User.GRADE;
Values = Values + ConvertStr(user.getGrade());


if (user.getBclass() != null && !user.getBclass().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.BCLASS;
Values = Values + "," + ConvertStr(user.getBclass());
else
StrCol = StrCol + User.BCLASS;
Values = Values + ConvertStr(user.getBclass());


if (user.getIdnum() != null && !user.getIdnum().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.IDNUM;
Values = Values + "," + ConvertStr(user.getIdnum());
else
StrCol = StrCol + User.IDNUM;
Values = Values + ConvertStr(user.getIdnum());


if (user.getEmail() != null && !user.getEmail().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.EMAIL;
Values = Values + "," + ConvertStr(user.getEmail());
else
StrCol = StrCol + User.EMAIL;
Values = Values + ConvertStr(user.getEmail());


if (user.getRegip() != null && !user.getRegip().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.REGIP;
Values = Values + "," + ConvertStr(user.getRegip());
else
StrCol = StrCol + User.REGIP;
Values = Values + ConvertStr(user.getRegip());


if (user.getRegdate() != 0)
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.REGDATE;
Values = Values + "," + ConvertStr(user.getRegdate());
else
StrCol = StrCol + User.REGDATE;
Values = Values + ConvertStr(user.getRegdate());


if (user.getUnit() != null && !user.getUnit().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.UNIT;
Values = Values + "," + ConvertStr(user.getUnit());
else
StrCol = StrCol + User.UNIT;
Values = Values + ConvertStr(user.getUnit());


if (user.getRegion() != null && !user.getRegion().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.REGION;
Values = Values + "," + ConvertStr(user.getRegion());
else
StrCol = StrCol + User.REGION;
Values = Values + ConvertStr(user.getRegion());


if (user.getDepartments() != null && !user.getDepartments().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.DEPARTMENTS;
Values = Values + "," + ConvertStr(user.getDepartments());
else
StrCol = StrCol + User.DEPARTMENTS;
Values = Values + ConvertStr(user.getDepartments());


if (user.getTdcj() > 0)
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.TDCJ;
Values = Values + "," + ConvertStr(user.getTdcj());
else
StrCol = StrCol + User.TDCJ;
Values = Values + ConvertStr(user.getTdcj());


if (user.getTzcj() > 0)
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.TZCJ;
Values = Values + "," + ConvertStr(user.getTzcj());
else
StrCol = StrCol + User.TZCJ;
Values = Values + ConvertStr(user.getTzcj());


if (user.getAddress() != null && !user.getAddress().equals(""))
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.ADDRESS;
Values = Values + "," + ConvertStr(user.getAddress());
else
StrCol = StrCol + User.ADDRESS;
Values = Values + ConvertStr(user.getAddress());


if (user.getPostcode() != 0)
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.POSTCODE;
Values = Values + "," + ConvertStr(user.getPostcode());
else
StrCol = StrCol + User.POSTCODE;
Values = Values + ConvertStr(user.getPostcode());


if (user.getBankcard() != 0)
if (!StrCol.equals(""))
StrCol = StrCol + "," + User.BANKCARD;
Values = Values + "," + ConvertStr(user.getBankcard());
else
StrCol = StrCol + User.BANKCARD;
Values = Values + ConvertStr(user.getBankcard());


return Sql.strIns + StrCol + Sql.strVal + Values + Sql.strEnd;

追问

这个方法对于新手是很好，但是朋友，你知道什么是SQL注入式攻击么？
这样是有安全隐患的.

追答

你就写一个过滤的方法吧

参考技术A 参数可以封装在一个javabean中，从javabean中取得参数，比如：
stmt.setXxx(1, javaBean.getXxx());
stmt.setXxx(2, javaBean.getXxx());
stmt.setXxx(3, javaBean.getXxx());
stmt.setXxx(4, javaBean.getXxx());追问

stmt根本就没有setString之类的函数。回答问题不要这么不负责哦

参考技术B 直接在sql语句后边追加where 查询条件，这样就可以进行查询参数查询了 参考技术C 你是要查询还是插入???
查询的话参数肯定通过方法参数传入
插入的话加事务也不是你这样加的啊
生成Statement之前调用以下代码,设置手动提交
conn.setAutoCommit(false);
所有SQL语句执行完成后conn.commit()提交整个事务,如果有异常rollback回滚事务. 参考技术D 使用有？号这样的SQL语句，需要使用的是PreparedStatement
不是Statement

使用方法如下，你参考一下。

---------------------------------------------------------------------------------
String sql = "insert into users values (?,?,?,?);";
PreparedStatement pst = conn.prepareStatement(sql);
pst.setObject(1, xxxx);
pst.setObject(2, yyy);
pst.setObject(3, zzz);
pst.setObject(4, nnnnn);
ResultSet rs = pst.executeQuery();追问

事务呢？有木有？不用事务这样写我也会。我问的不是这个