PreparedStatement和statement的区别

本文详细介绍了PreparedStatement在Java中的使用方法,对比了其与Statement的区别,并通过具体示例展示了如何使用PreparedStatement进行数据库操作,包括增删改查等功能。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

一、PreparedStatement概述

  
PreparedStatement是statement的子类,它的实例对象可以通过调用Connection.preparedStatement()方法来获得,相对于Statement对象,PreparedStatement可以防止SQL注入。
  另外Statement会使得数据库频繁编译SQL,有可能会造成数据库缓冲区溢出。PreparedStatement可以对SQL进行预编译,从而提高数据库的执行效率。并且PreparedStatement中对于SQL语句中的参数允许使用占位符的形式进行替换,简化SQL语句的简写。

二、PreparedStatement与Statement的区别

  1.相同点

    两者都是用来执行SQL语句的。

  2.不同点

    1.Statement不安全,不能进行预编译,不能使用占位符,容易造成SQL语句拼接错误。
    2.PreparedStatement是安全的的,可以预编译SQL语句,另外可以使用“?”占位符,从而使得SQL语句更加简洁清晰,还有效率高。

三、利用PreparedStatement来实现增删该查

首先还是我们对前面的学生表来进行增删该查。

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.Scanner;

public class Insert1 {
    public static void main(String[] args) throws Exception {
        //1.连接数据库
        Class.forName("com.mysql.jdbc.Driver");
        //2.获取数据库的连接
        String username = "root";
        String password = "123456";
        String url = "jdbc:mysql://localhost:3306/school";
        Connection connection = DriverManager.getConnection(url, url, password);
        //3.编写SQL语句,使用?作为占位符
        Scanner scanner = new Scanner(System.in);
        System.out.println("请输入你要查询的学号");
        String StudentNo = scanner.nextLine();
        System.out.println("请输入你的密码");
        String LoginPwd = scanner.nextLine();
        String sql = "select * from  student where StudentNo=?and LoginPwd =?";
        PreparedStatement statement = connection.prepareStatement(sql);
        statement.setObject(1, StudentNo);
        statement.setObject(2, LoginPwd);
        ResultSet resultSet = statement.executeQuery();
        while (resultSet.next()) {
            System.out.println(resultSet.getObject(1));
            System.out.println(resultSet.getObject(2));
            System.out.println(resultSet.getObject(3));
        }
    }
}

我们可以看出上面的方法用起来代码显得非常臃肿,因此我们 可以编写一个工具类来实现增删该查,到时候我们只需要传入需要的参数就OK。

四、利用编写的工具类来实现增删该查

1.首先还是先写一个配置文件

driver = com.mysql.jdbc.Driver
username = root
password = 123456
url = jdbc:mysql://localhost:3306/school?useSSL=true

2.编写工具类
在这个工具类中可以仔细分析它实现的功能,设计的还是非常巧妙地。

package org.westos.pojo;


import java.io.IOException;
import java.io.InputStream;
import java.sql.*;
import java.util.Properties;

public class JDBCUtils {
    private static String driver = null;
    private static String username = null;
    private static String password = null;
    private static String url = null;

    static {
        try {
            //1、加载配置文件
            InputStream stream = JDBCUtils.class.getClassLoader().getResourceAsStream("database.properties");
            Properties properties = new Properties();
            properties.load(stream);
            //2.加载配置文件
            driver = properties.getProperty("driver");
            password = properties.getProperty("password");
            username = properties.getProperty("username");
            url = properties.getProperty("url");
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
    //获取数据库连接对象
    public static Connection getConnection()throws Exception{
        //加载数据库驱动
        Class.forName(driver);
        Connection connection = DriverManager.getConnection(url,username,password);
        return connection;
    }
    //查询
    public static ResultSet query(Connection connection,PreparedStatement preparedStatement,String sql,ResultSet resultSet,Object[]params)throws Exception{
        preparedStatement = connection.prepareStatement(sql);
        for (int i = 0; i < params.length; i++) {
            preparedStatement.setObject(i+1,params[i]);
        }
         resultSet = preparedStatement.executeQuery();
        return resultSet;
    }
    //更改
    public static int update(Connection connection,PreparedStatement preparedStatement,String sql,Object[]params)throws Exception{
         preparedStatement = connection.prepareStatement(sql);
        for (int i = 0; i < params.length; i++) {
            preparedStatement.setObject(i+1,params[i]);
        }
        int i = preparedStatement.executeUpdate();
        return i;
    }
    //释放资源
    public static <prepareStatement> void closeAll(ResultSet resultSet, Connection connection,PreparedStatement preparedStatement){

        if (preparedStatement != null){
            try {
               preparedStatement.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        if (connection != null){
            try {
                connection.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        if (resultSet != null){
            try {
                resultSet.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
}

3.通过工具类来进行查询

package org.westos.pojo;

import org.jboss.arquillian.test.spi.annotation.TestScoped;
import org.junit.Test;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.Scanner;

public class sqlScentence {
    @Test
    public void query() throws Exception {
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        ArrayList<Object> objects = new ArrayList<>();
        ResultSet resultSet = null;
        String  StudentNo = null;
        String password = null;
        String sql = null;
        Scanner scanner = new Scanner(System.in);
        System.out.println("请输入你要查询的学号");
        StudentNo  = scanner.nextLine();
        System.out.println("请输入你的密码");
         password = scanner.nextLine();
        connection = JDBCUtils.getConnection();
          sql = "select * from  student where StudentNo=?and LoginPwd =?";
          objects.add(StudentNo);
          objects.add(password);
        Object[] array = objects.toArray();
        ResultSet query = JDBCUtils.query(connection, preparedStatement, sql, resultSet, array);
        while (query.next()){
            System.out.println(query.getObject(1));
            System.out.println(query.getObject(2));
            System.out.println(query.getObject(3));
        }
    }
    @Test
    public void insert ()throws Exception{
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        ArrayList<Object> objects = new ArrayList<>();
        connection = JDBCUtils.getConnection();
        objects.add(1018);
        objects.add(1234567);
        objects.add("赵文君");
        objects.add(2);
        objects.add(4);
        objects.add("28282828282");
        objects.add("重庆");
        objects.add("1986-12-11 00:00:00");
        objects.add("test1@bdqn.cn");
        objects.add("450323198612314232");
        Object[]  array = objects.toArray();


        String sql = "insert into student (StudentNo,LoginPwd,StudentName,Sex,GradeId,Phone,Address,BornDate,Email,IdentityCard)values(?,?,?,?,?,?,?,?,?,?)";
        int update = JDBCUtils.update(connection, preparedStatement, sql, array);
        if (update>0){
            System.out.println(666666666);
        }
    }
    @Test
    public void update()throws Exception{
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        ArrayList<Object> objects = new ArrayList<>();
        objects.add(1000);
        objects.add(2);
        Object[] array = objects.toArray();
         connection = JDBCUtils.getConnection();
        String sql = "update  result set StudentResult =100 where StudentNo = ? and SubjectNo= ? ";
        int update = JDBCUtils.update(connection, preparedStatement, sql, array);
        if (update>0){
            System.out.println(666666);
        }
    }
    @Test
    public void delete()throws Exception{
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        ArrayList<Object> objects = new ArrayList<>();
        connection = JDBCUtils.getConnection();
        objects.add(1000);
        Object[] array = objects.toArray();
        String sql = "delete from student where StudentNo=?";
        int i = JDBCUtils.update(connection, preparedStatement, sql, array);
        if (i>0){
            System.out.println(67899);
        }
    }
}

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值