步骤:
1.导入jar包:https://mvnrepository.com/artifact/mysql/mysql-connector-java/8.0.27
2.加载驱动:Class.forName("com.mysql.cj.jdbc.Driver");
3.获取数据库连接对象:
Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/数据库名", "账号", "密码");
4.编写sql语句: String sql = "SELECT * FROM test";
5.获取执行sql语句的对象: Statement state = conn.createStatement();
6.执行sql,获取结果集:ResultSet r = state.executeQuery(sql);
7.获取结果:
while(r.next()) {
System.out.println(r.getString(1));
}
8. 释放资源:
r.close();
state.close();
conn.close();
PreparedStatement:
1.sql注入问题:
在拼接sql时,有一些sql的特殊关键字参与字符串的拼接。会造成安全性问题
如用户输入密码String pass = "'a' or 'a'='a'";
拼接sql: "SELECT * FROM user WHERE name='xxx' AND pass="+pass 变成
"SELECT * FROM user WHERE name='xxx' AND pass='a' or 'a'='a'" 导致密码始终正确
2.用PreparedStatement代替Statement解决sql注入问题:
//使用?作为占位符
String sql = "SELECT * FROM user WHERE name='xxx' AND pass=?";
String pass = "'a' or 'a'='a'";
PreparedStatement state = conn.preparedStatement(sql);
//设置?的值
state.setString(1, pass);
state.executeQuery();
事务:
try {
Connection conn;
//关闭事务自动提交,由于事务是自动开启的,所以只需关闭自动提交,手动控制事务
conn.setAutoCommit(false);
...
//提交事务
conn.commit();
} catch(Exception e) {
//回滚
conn.rollback();
}
数据库连接池:
1.概念:创建好了一堆连接,需要时从里面拿,不需要时归还连接,但不断开连接
2.Druid连接池:
1).导入jar包: https://mvnrepository.com/artifact/com.alibaba/druid/1.2.8
2).编写配置文件druid.properties:
driverClassName = com.mysql.cj.jdbc.Driver
driver=com.mysql.cj.jdbc.Driver
url=jdbc:mysql://localhost:3306/数据库名
username=root
password=********
#初始化连接数量#
initialSize = 5
#最大连接数量
maxACtive = 10
#等待时间 3秒
maxWait = 3000
3).Properties p = new Properties();
//加载配置文件
InputStream is =
DruidDemo.class.getClassLoader().getResourceAsStream("druid.properties");
p.load(is);
//获取连接池对象
DataSource ds = DruidDataSourceFactory.createDataSource(p);
//获取连接
Connection conn = ds.getConnection();
//归还连接
conn.close();