import java.sql.*;

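/**
 * Minimal JDBC walkthrough against a local MySQL database: open a connection,
 * list the rows of the {@code students} table, then run one UPDATE, one DELETE
 * and one INSERT through a plain {@link Statement}.
 *
 * <p>Every SQL string here is a compile-time constant, so nothing in this
 * listing is built from user input. As soon as a value comes from outside the
 * program (form field, request parameter, file), bind it through a
 * {@link PreparedStatement} placeholder instead of concatenating it into the
 * SQL text.
 */
public class mysqltest4 {

    /**
     * Runs the demo end to end.
     *
     * @param args unused
     * @throws SQLException if connecting or any statement fails
     * @throws ClassNotFoundException if the JDBC driver class is not on the classpath
     */
    public static void main(String[] args) throws SQLException, ClassNotFoundException {
        String url = "jdbc:mysql://localhost/xh";
        String username = "Xiaohengdada";
        // Demo value only: a short, guessable password committed to source is
        // readable by anyone with access to the repository or the class file.
        // Real code should load credentials from configuration or a secret
        // store and connect with an account limited to the rights it needs.
        String password = "123456";

        // Explicit driver loading, kept from the original listing. Drivers that
        // implement JDBC 4 register themselves, so this call is only needed for
        // older driver jars; the alternative the author tried was
        // DriverManager.registerDriver(new com.mysql.jdbc.Driver()).
        Class.forName("org.gjt.mm.mysql.Driver");

        // try-with-resources closes the statement and the connection even when
        // one of the statements below throws; the original closed them only on
        // the success path and leaked them on any SQLException.
        try (Connection connection = DriverManager.getConnection(url, username, password);
             Statement stat = connection.createStatement()) {

            // Perform a find operation.
            try (ResultSet rows = stat.executeQuery("SELECT * FROM students")) {
                while (rows.next()) {
                    System.out.println("id = " + rows.getObject("id"));
                    System.out.println("name = " + rows.getObject("name"));
                    System.out.println("sex = " + rows.getObject("sex"));
                    System.out.println("age = " + rows.getObject("age"));
                }
            }

            // Perform an update operation.
            runUpdate(stat,
                    "UPDATE students SET name = 'Xiaoheng' WHERE name = 'Ender'",
                    "Update OK");

            // Perform a delete operation.
            runUpdate(stat,
                    "DELETE FROM students WHERE name = 'Peter'",
                    "Delete OK");

            // Perform an insert operation.
            runUpdate(stat,
                    "INSERT INTO students VALUES (8, 'nimeide', 'FEMA', '255')",
                    "Insert OK");
        }
    }

    /**
     * Prints a data-changing statement, executes it, prints the affected-row
     * count and, when at least one row changed, prints the success message.
     *
     * <p>This answers the question left in the original listing ("why is the
     * output here 0"): {@code executeUpdate} returns the number of rows the
     * statement changed. For UPDATE and DELETE a result of 0 means no row
     * matched the WHERE clause, which is what happens on a second run once the
     * row has already been renamed or removed.
     *
     * @param stat open statement to execute on
     * @param sql constant SQL text; must not contain concatenated user input
     * @param okMessage line printed when the statement changed at least one row
     * @throws SQLException if the database rejects the statement
     */
    private static void runUpdate(Statement stat, String sql, String okMessage)
            throws SQLException {
        System.out.println(sql);
        int affected = stat.executeUpdate(sql);
        System.out.println(affected);
        if (affected > 0) {
            System.out.println(okMessage);
        }
    }
}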
The code above follows the ordinary interaction pattern: every piece of data processed needs its own round trip to the database.
Batch processing and transactions can be used to handle this more efficiently.
Batch processing: accumulate statements up to a certain number, then submit them to the database in one go. This reduces the number of interactions with the database, so efficiency improves.
Transactions: a transaction is a logical group of operations; the units that make up the group either all succeed or all fail. Transactions are turned off by default (a JDBC connection starts in auto-commit mode, so each statement is committed on its own).
Prevention of SQL Injection
SQL injection is when a user exploits a system that does not adequately check its input data in order to cause malicious damage.
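1. Statement is exposed to SQL injection attacks, for example when a login user name is entered as ' or 1=1 or username=' and is concatenated into the SQL text, where it changes the query's condition instead of being treated as data.
2. To prevent SQL injection, use PreparedStatement instead of Statement.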
PreparedStatement
PreparedStatement is a sub-interface of Statement; an instance is obtained by calling the Connection.prepareStatement() method. Its advantages over a Statement object are:
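(1) Prevents SQL injection: PreparedStatement avoids SQL injection problems, provided every user-supplied value is bound through a ? placeholder (setString, setInt, ...) rather than concatenated into the SQL text passed to prepareStatement().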
(2) Precompiled SQL statements: Statement makes the database compile SQL frequently, potentially overflowing the database's buffer (presumably its cache of compiled statements, not a memory-corruption bug). PreparedStatement lets the SQL be precompiled, which improves the efficiency of database execution.
(3) Placeholders simplify statements: PreparedStatement lets the parameters in the SQL be written as placeholders and substituted later, which simplifies writing SQL statements (for example, inserting data repeatedly in a loop).
Java connection MySQL (i)