PreparedStatement的setString方法

sinat_37677711 2017-07-12 09:21:48

这是API，看了还是不太懂这个方法是啥作用呢
例如在下面例子中

...全文

1567 2 打赏收藏转发到动态举报

写回复

2 条回复

切换为时间正序

请发表友善的回复…

发表回复

AYellow2048 2017-07-12

打赏
举报

回复 1

就是给Statement语句中的？占位符设置值，比如 public User findUserByName(String userName){ PreparedStatement ps = con.preparedStatement("select * from user where user_name = ?"); preparedStatment.setString(1, userName); ........... } 为什么不这样用呢？ con.preparedStatement("select * from user where user_name"+userName); 因为这样你的网站会被黑客脱光光，请自行搜索学习SQL注入攻击。

dospy微光 2017-07-12

打赏
举报

回复

给sql语句的占位符设置值

此实例意在解决预处理命令PreparedStatement的setString()方法，在sql2008数据库中写入数据时，会自动补足空格的问题，同时此实例也解决了当存在自动补足空格的问题时，使用nvarchar可以使查找出来的数据与原输入数据一致，不会出现多余的空格

package user; import java.sql.*; import java.util.*; import java.util.Date; import java.sql.PreparedStatement; import com.ConnDB; import java.sql.*; import java.util.*; import com.ConnDB; public class UserDB extends ConnDB{ private ArrayList user; public UserDB () throws Exception { } public boolean userExist(String username){ boolean occupied=true; try { ConnDB.initialize(); // create database connection PreparedStatement preparedStatement = conn.prepareStatement ( "select userid from Buser where username=?"); preparedStatement.setString (1, username); ResultSet resultSet = preparedStatement.executeQuery (); if(!resultSet.next()) occupied=false; preparedStatement.close (); ConnDB.terminate(); } catch(SQLException e){ e.printStackTrace(); ConnDB.terminate(); } return occupied; } public boolean isValidUser (String username, String password) { boolean isValid=false; try { ConnDB.initialize(); // create database connection PreparedStatement preparedStatement = conn.prepareStatement ( "SELECT username, password FROM Buser WHERE username=? and password=?"); preparedStatement.setString (1, username); preparedStatement.setString (2, password); ResultSet resultSet = preparedStatement.executeQuery (); if (resultSet.next ()) { isValid=true; preparedStatement.close (); ConnDB.terminate(); } else { preparedStatement.close (); ConnDB.terminate(); //return isValid; } } catch (SQLException e) { ConnDB.terminate(); //return isValid; } return isValid; } public boolean find(String key) { boolean gotIt=false; try { ConnDB.initialize(); // create database connection PreparedStatement preparedStatement = conn.prepareStatement ( "SELECT username, password FROM Buser WHERE username = ?"); preparedStatement.setString (1, key); ResultSet resultSet = preparedStatement.executeQuery (); if (resultSet.next ()) { gotIt=true; preparedStatement.close (); ConnDB.terminate(); } else { preparedStatement.close (); ConnDB.terminate(); //return isValid; } } catch (SQLException e) { ConnDB.terminate(); //return gotIt; } return gotIt; } public User getUser (int id) { try { ConnDB.initialize(); // create database connection PreparedStatement preparedStatement = conn.prepareStatement ( "SELECT userid, username, rname, password, email, address, postdate, tel " + "FROM Buser WHERE userId = ?"); preparedStatement.setInt (1, id); ResultSet resultSet = preparedStatement.executeQuery (); if (resultSet.next ()) { User users = new User ( resultSet.getInt (1), resultSet.getString (2), resultSet.getString (3), resultSet.getString (4), resultSet.getString (5), resultSet.getString (6), resultSet.getString (7), resultSet.getString (8) ); preparedStatement.close (); ConnDB.terminate(); return users; } else { preparedStatement.close (); ConnDB.terminate(); return null; } } catch (SQLException e) { ConnDB.terminate(); return null; } } public User getUser (String username) { try { ConnDB.initialize(); // create database connection PreparedStatement preparedStatement = conn.prepareStatement ( "SELECT userid, username, rname, password, email, address, postdate, tel " + "FROM Buser WHERE username = ?"); preparedStatement.setString (1, username); ResultSet resultSet = preparedStatement.executeQuery (); if (resultSet.next ()) { User users = new User ( resultSet.getInt (1), resultSet.getString (2), resultSet.getString (3), resultSet.getString (4), resultSet.getString (5), resultSet.getString (6), resultSet.getString (7), resultSet.getString (8) ); preparedStatement.close (); ConnDB.terminate(); return users; } else { preparedStatement.close (); ConnDB.terminate(); return null; } } catch (SQLException e) { ConnDB.terminate(); return null; } } public int addUsers (User users) { System.out.println("**"); int rowsAffected = 0; try { ConnDB.initialize(); // create database connection PreparedStatement preparedStatement = conn.prepareStatement ( "INSERT INTO Buser (username, rname, password, email, address, postdate, tel) " + "VALUES (?, ?, ?, ?, ?, ?, ?)"); preparedStatement.setString (1, users.getUsername ()); preparedStatement.setString (2, users.getRname ()); preparedStatement.setString (3, users.getPassword()); preparedStatement.setString (4, users.getEmail()); preparedStatement.setString (5, users.getAddress()); preparedStatement.setString (6, users.getPostdate()); preparedStatement.setString (7, users.getTel()); //判断是否重复添加 if(find(users.getUsername ())){ rowsAffected =2; System.out.println("exist username"); } else{ rowsAffected = preparedStatement.executeUpdate (); System.out.println(rowsAffected + "add"); } preparedStatement.close (); ConnDB.terminate(); } catch (SQLException e) { ConnDB.terminate(); return 0; } return rowsAffected; } public int deleteUser (int id) { int rowsAffected = 0; try { ConnDB.initialize(); // create database connection PreparedStatement preparedStatement = conn.prepareStatement ("DELETE FROM Buser WHERE userid = ?"); preparedStatement.setInt (1, id); rowsAffected = preparedStatement.executeUpdate (); preparedStatement.close (); ConnDB.terminate(); } catch (SQLException e) { ConnDB.terminate(); return 0; } return rowsAffected; } public int modifyUser (User users) { int rowsAffected = 0; try { ConnDB.initialize(); // create database connection PreparedStatement preparedStatement = conn.prepareStatement ( "UPDATE Buser SET username=?, rname=?, password=?, email=?, address=?, postdate=?, tel=? " + "WHERE userid =?"); preparedStatement.setString (1, users.getUsername ()); preparedStatement.setString (2, users.getRname ()); preparedStatement.setString (3, users.getPassword()); preparedStatement.setString (4, users.getEmail()); preparedStatement.setString (5, users.getAddress()); preparedStatement.setString (6, users.getPostdate()); preparedStatement.setString (7, users.getTel()); preparedStatement.setInt (8, users.getId ()); rowsAffected = preparedStatement.executeUpdate (); preparedStatement.close (); ConnDB.terminate(); } catch (SQLException e) { ConnDB.terminate(); return 0; } return rowsAffected; } public Collection getUser () { user = new ArrayList (); try { ConnDB.initialize(); // create database connection PreparedStatement preparedStatement = conn.prepareStatement ( "SELECT userid, username, rname, password, email, address, postdate, tel " + "FROM Buser"); ResultSet resultSet = preparedStatement.executeQuery (); while (resultSet.next ()) { User users = new User ( resultSet.getInt (1), resultSet.getString (2), resultSet.getString (3), resultSet.getString (4), resultSet.getString (5), resultSet.getString (6), resultSet.getString (7), resultSet.getString (8) ); user.add(users); } preparedStatement.close (); } catch (SQLException e) { return null; } ConnDB.terminate(); //Collections.sort(user); return user; } public boolean isModify(String key,int id) { boolean modifyIt=false; try { ConnDB.initialize(); // create database connection PreparedStatement preparedStatement = conn.prepareStatement ( "SELECT userid FROM Buser WHERE username = ? and userd <> ?"); preparedStatement.setString (1, key); preparedStatement.setInt (2, id); ResultSet resultSet = preparedStatement.executeQuery (); if (resultSet.next ()) { modifyIt=true; preparedStatement.close (); ConnDB.terminate(); } else { preparedStatement.close (); ConnDB.terminate(); //return isValid; } } catch (SQLException e) { ConnDB.terminate(); //return gotIt; } return modifyIt; } }

我们知道进行编码和转码工作都是集中在JDBC的两个接口PreparedStatement和ResultSet上进行的，主要涉及PreparedStatement的setString方法以及ResultSet的getString方法。前面我们讲过需要加入一个连接封装层来对数据库连接实例进行二次封装，但是怎么通过这个封装来改变PreparedStatement和ResultSet这两个接口的行为呢？这个问题其实也很简单，因为PreparedStatement接口必须通过Connection接口来获取实例，而ResultSet接口又必须从Statement或者PreparedStatement接口来获取实例，有了这样的级联关系，问题也就迎刃而解了。还是利用我在文章《使用JAVA动态代理实现数据库连接池》中使用的动态接口代理技术。首先我们设计Connection接口的代理类_Connection，这个代理类接管了Connection接口中所有可能获取到Statement或者PreparedStatement接口实例的方法，例如：prepareStatement和createStatement。改变这两个方法使之返回的是经过接管后的Statement或者PreparedStatement实例。通过对于Statement接口也有相应的代理类_Statement，这个代理类接管用于获取ResultSet接口实例的所有方法，包括对setString方法的接管以决定是否对字符串进行编码处理。对于接口ResultSet的接管类_ResultSet就相应的比较简单，它只需要处理getString方法即可。

主要介绍了java中PreparedStatement和Statement详细讲解，文中通过示例代码介绍的非常详细，对大家的学习或者工作具有一定的参考学习价值，需要的朋友们下面随着小编来一起学习学习吧

JAVA学习使用JDBC的高级特征创建应用程序PPT教案学习.pptx

67,538

社区成员

225,852

社区内容

发帖

与我相关

我的任务

社区管理员

加入社区

近7日
近30日
至今

加载中

查看更多榜单

社区公告

暂无公告

试试用AI创作助手写篇文章吧

+ 用AI写文章