Javaee--mybatis__java

Source: Internet
Author: User
Tags: sql injection

1. JDBC programming to implement database operations

package com.iot.mybatis.jdbc;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class JdbcTest {
    public static void main(String[] args) {
        // Database connection
        Connection connection = null;
        // Precompiled statement; using a precompiled statement improves database performance
        PreparedStatement preparedStatement = null;
        // Result set
        ResultSet resultSet = null;

        try {
            // Load the database driver
            Class.forName("com.mysql.jdbc.Driver");
            // Get the database connection through the driver manager class
            connection = DriverManager.getConnection("jdbc:mysql://120.25.162.238:3306/mybatis001?characterEncoding=utf-8", "root", "123");
            // Define the SQL statement; ? represents a placeholder
            String sql = "SELECT * from user where username = ?";
            // Get the prepared statement
            preparedStatement = connection.prepareStatement(sql);
            // Set the parameter: the first argument is the ordinal of the parameter in the
            // SQL statement (starting from 1), the second is the parameter value
            preparedStatement.setString(1, "Harry");
            // Send the SQL to the database and get the query result set
            resultSet = preparedStatement.executeQuery();
            // Traverse the query result set
            while (resultSet.next()) {
                System.out.println(resultSet.getString("id") + " " + resultSet.getString("username"));
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Release resources in reverse order of creation
            if (resultSet != null) {
                try {
                    resultSet.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
            if (preparedStatement != null) {
                try {
                    preparedStatement.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
            if (connection != null) {
                try {
                    connection.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
        }
    }
}

The problems with the above code are:
(1) The database connection is created when it is needed and released immediately after use. Frequently opening and closing connections wastes database resources and hurts database performance.
Idea: use a database connection pool to manage database connections.
(2) The SQL statements are hard-coded in the Java code. If an SQL statement changes, the Java code must be recompiled, which makes the system harder to maintain.
Idea: configure the SQL statements in an XML configuration file, so the Java code does not need to be recompiled even when the SQL changes.
(3) When parameters are set on the PreparedStatement, the placeholder positions and the parameter values are hard-coded in the Java code, which makes the system harder to maintain.
Idea: configure the SQL statements, placeholders and parameters all in XML.
(4) When the result set is traversed from the ResultSet, the names of the table fields being read are hard-coded, which makes the system harder to maintain.
Idea: automatically map the result set of a query to Java objects.

2. MyBatis lets the programmer focus on the SQL. Through the mapping mechanisms MyBatis provides, it freely and flexibly generates the SQL statements that are needed (semi-automatically; most of the SQL still has to be written by the programmer).
MyBatis can automatically map input parameters onto the PreparedStatement (input mapping) and map the query result set to Java objects (output mapping).
MyBatis framework schematic diagram:

3. Getting started: sample program
(1) Create the SqlMapConfig.xml global configuration file
(2) Create the mapping file User.xml (the original iBatis naming convention) and configure the SQL statements in it
   parameterType: specifies the type of the input parameter in the mapping file
   resultType: specifies the type of the output result in the mapping file
   #{} and ${}
#{} represents a placeholder
${} represents string concatenation, which can cause SQL injection, so using it is not recommended
   selectOne and selectList
selectOne queries a single record for mapping; selectList can be used for this as well, but the list then contains only one object
selectList queries a list (multiple records) for mapping; such a query cannot use selectOne, or the following error is reported:
    
(3) Load the User.xml mapping file in SqlMapConfig.xml
(4) Load the configuration file, create a SqlSession object from the session factory SqlSessionFactory, and operate on the database through the SqlSession
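
The difference between #{} and ${} in step (2), shown as a mapping file. This is an added example, not part of the original post; the namespace "test", the statement ids and the result type com.example.User are assumed names, and the table and column names follow the JDBC sample above.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<!-- Added example: namespace, statement ids and com.example.User are assumed names. -->
<mapper namespace="test">

    <!-- #{}: MyBatis emits "username = ?" and binds the value through
         PreparedStatement.setString, so quote characters in the input stay data. -->
    <select id="findUserByName" parameterType="java.lang.String"
            resultType="com.example.User">
        SELECT * FROM user WHERE username = #{value}
    </select>

    <!-- ${}: the value is pasted into the SQL text before the statement is prepared.
         A quote character in the input ends the string literal and whatever
         follows is parsed as SQL. This is the pattern to avoid. -->
    <select id="findUserByNameUnsafe" parameterType="java.lang.String"
            resultType="com.example.User">
        SELECT * FROM user WHERE username LIKE '%${value}%'
    </select>

    <!-- The same fuzzy match with a bound parameter (MySQL CONCAT):
         the wildcards are SQL text, the search term is a bound value. -->
    <select id="findUserByNameLike" parameterType="java.lang.String"
            resultType="com.example.User">
        SELECT * FROM user WHERE username LIKE CONCAT('%', #{value}, '%')
    </select>

    <!-- Identifiers such as an ORDER BY column cannot be bound with #{}.
         Map the caller's choice onto fixed SQL text instead of using ${}. -->
    <select id="listUsersSorted" parameterType="java.lang.String"
            resultType="com.example.User">
        SELECT * FROM user ORDER BY
        <choose>
            <when test="_parameter == 'username'">username</when>
            <otherwise>id</otherwise>
        </choose>
    </select>
</mapper>
```

When reviewing existing mapping files, every ${} occurrence is worth checking for whether its value can be influenced by request input.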

For details, see the following blog post:

https://blog.csdn.net/h3243212/article/details/51016271

  
5. Spring integration with MyBatis
(1) Integration approach
Spring needs to manage the SqlSessionFactory as a singleton.
The Spring and MyBatis integration generates proxy objects, which use the SqlSessionFactory to create the SqlSession. (The Spring and MyBatis integration does this automatically.)
The mappers of the persistence layer need to be managed by Spring.
    
    
