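  • Three Java code examples for executing SQL statements

    Problem description:

      Connecting to a database and executing SQL statements is something every application has to do. Below are three ways to execute different kinds of SQL statements.

    1. Executing SQL with a plain Statement. It is open to SQL injection whenever the query text is built from input, so it is generally not used.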

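        // Needs java.sql.Statement and java.sql.ResultSet; DataBaseConn is the author's connection helper (not shown).
        public static void testStatement() throws Exception{
            DataBaseConn con = new DataBaseConn();
            // try-with-resources closes the Statement and ResultSet, even on error
            try(Statement stm = con.getMssqlConn().createStatement();
                ResultSet rs = stm.executeQuery("select top 1 * from tfixitem")){
                if(rs.next()){
                    System.out.println("testStatement测试,FIXITEM_CODE = " + rs.getString("FIXITEM_CODE"));
                }
            }catch(Exception e){
                System.out.println(e.getMessage());
                e.printStackTrace();
            }finally{
                // release the connection on every path, not only on success
                con.closeCon();
            }
        }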
    

    2. Executing SQL with PreparedStatement, which prevents SQL injection.

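        // Needs java.sql.PreparedStatement and java.sql.ResultSet.
        public static void testPreparedStatement(){
            DataBaseConn con = new DataBaseConn();
            // The ? placeholder keeps the value out of the SQL text; it is bound as data
            try(PreparedStatement pstm = con.getMssqlConn().prepareStatement("select * from tfixitem where fixitem_id = ?")){
                pstm.setInt(1, 2);
                try(ResultSet rs = pstm.executeQuery()){
                    if(rs.next()){
                        System.out.println("testPreparedStatement测试,FIXITEM_CODE = " + rs.getString("FIXITEM_CODE"));
                    }
                }
            }catch(Exception e){
                e.printStackTrace();
            }finally{
                // release the connection on every path
                try{ con.closeCon(); }catch(Exception e){ e.printStackTrace(); }
            }
        }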
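
    The difference between items 1 and 2 only shows once a query takes input. The following is an added example, not code from the original post: `FixItemLookup`, `unsafeSql`, `findByCode` and the `orderBy` parameter are hypothetical names, and it assumes `FIXITEM_CODE` is a string column of `tfixitem`. It goes one step beyond the post by allow-listing a column name, which a `?` placeholder cannot bind.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

// Added illustration; class, method and parameter names are hypothetical.
public class FixItemLookup {
    // Identifiers cannot be bound with ?, so the sort column must match one of these exactly.
    private static final Set<String> SORTABLE = Set.of("fixitem_id", "fixitem_code");

    // Vulnerable pattern: the input becomes part of the SQL text handed to Statement,
    // so a quote character in it changes the structure of the query.
    static String unsafeSql(String code) {
        return "select * from tfixitem where fixitem_code = '" + code + "'";
    }

    // Hardened pattern: the value is bound as a parameter and the column is allow-listed.
    static List<String> findByCode(Connection conn, String code, String orderBy) throws SQLException {
        if (!SORTABLE.contains(orderBy)) {
            throw new IllegalArgumentException("unsupported sort column");
        }
        // orderBy is now one of the constants above, so appending it is safe.
        String sql = "select * from tfixitem where fixitem_code = ? order by " + orderBy;
        List<String> codes = new ArrayList<>();
        try (PreparedStatement pstm = conn.prepareStatement(sql)) {
            pstm.setString(1, code); // passed to the driver as data, never parsed as SQL
            try (ResultSet rs = pstm.executeQuery()) {
                while (rs.next()) {
                    codes.add(rs.getString("FIXITEM_CODE"));
                }
            }
        }
        return codes;
    }

    public static void main(String[] args) {
        String constructed = "x' or '1'='1"; // constructed sample input
        // With concatenation the WHERE clause gains a second, always-true condition.
        System.out.println(unsafeSql(constructed));
    }
}
```

    Calling `prepareStatement` on a string that was itself built by concatenating input gives no protection; only values passed through `setString`, `setInt` and the other setters are kept out of the SQL text.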

    3. Executing a stored procedure with CallableStatement.

        // Needs java.sql.CallableStatement and java.sql.ResultSet.
        public static void testCallableStatement(){
            DataBaseConn con = new DataBaseConn();
            // JDBC call escape syntax; all eight procedure arguments are bound as parameters
            try(CallableStatement cstm = con.getMssqlConn().prepareCall("{call SP_QUERY_TFIXITEM(?,?,?,?,?,?,?,?)}")){
                cstm.setInt(1, 2);
                cstm.setInt(2, 1);
                cstm.setInt(3, 0);
                cstm.setInt(4, 0);
                cstm.setString(5, "");
                cstm.setString(6, "");
                cstm.setString(7, "");
                cstm.setInt(8, 0);
                try(ResultSet rs = cstm.executeQuery()){
                    if(rs.next()){
                        System.out.println("testCallableStatement测试,FIXITEM_CODE = " + rs.getString("FIXITEM_CODE"));
                    }
                }
            }catch(Exception e){
                e.printStackTrace();
            }finally{
                // release the connection on every path
                try{ con.closeCon(); }catch(Exception e){ e.printStackTrace(); }
            }
        }

    Summary: use PreparedStatement for ordinary SQL, and CallableStatement for stored procedures.

  • Original article: https://www.cnblogs.com/atp-sir/p/6165088.html