通过创建PreparedStatement对象来解决SQL注入的问题:模糊查询的keyword作为参数绑定,与SQL语句分离,提高了程序的健壮性。注意参数绑定并不会转义LIKE中的通配符%和_,keyword来自用户输入时还需另行转义。模糊规则有待继续加强学习!!为了省麻烦将所有Exception直接抛出 真是罪过。。跪求不喷。
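import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.text.SimpleDateFormat;

/**
 * Demo of a fuzzy (LIKE) lookup on the {@code user} table through a
 * {@link PreparedStatement}, so the search keyword is bound as a parameter
 * and never concatenated into the SQL text.
 */
class Tester {
    // NOTE(review): connection settings are hard-coded and use the root
    // account. Acceptable for a local demo only; real code should read them
    // from configuration or the environment and connect with an account that
    // has just the privileges the query needs.
    public static final String DBURL = "jdbc:mysql://localhost:3306/student";
    public static final String DBUSER = "root";
    public static final String DBPASS = "include";
    // NOTE(review): legacy driver class name - confirm it still exists in the
    // MySQL Connector/J version on the classpath.
    public static final String DBDRIVER = "org.gjt.mm.mysql.Driver";

    /** Escape character declared in the query's ESCAPE clause. */
    private static final String LIKE_ESCAPE = "!";

    /**
     * Escapes the LIKE wildcards in a search keyword so that it only matches
     * literally.
     *
     * <p>Parameter binding prevents SQL injection, but {@code %} and {@code _}
     * inside a bound value are still interpreted as wildcards by LIKE. Without
     * escaping, a keyword of {@code %} would match every row.
     *
     * <p>Package-private so it can be unit-tested.
     *
     * @param keyword raw search text, must not be {@code null}
     * @return the keyword with {@code !}, {@code %} and {@code _} prefixed by
     *         the escape character
     */
    static String escapeLike(String keyword) {
        // Escape the escape character first so later insertions are not doubled.
        return keyword
                .replace(LIKE_ESCAPE, LIKE_ESCAPE + LIKE_ESCAPE)
                .replace("%", LIKE_ESCAPE + "%")
                .replace("_", LIKE_ESCAPE + "_");
    }

    /**
     * Runs the demo query and prints every matching row.
     *
     * @param args unused
     * @throws Exception if the driver cannot be loaded or any JDBC call fails
     */
    public static void main(String args[]) throws Exception {
        String keyword = "王";
        // The password column is deliberately not selected: the demo has no
        // need for it, and secrets should not be fetched just to be displayed.
        String sql = "select id,name,age,sex,birthday from user"
                + " where name like ? escape '" + LIKE_ESCAPE + "'";

        // Explicit load kept from the original; JDBC 4+ drivers self-register.
        Class.forName(DBDRIVER);

        // try-with-resources closes the result set, statement and connection
        // in reverse order even when a JDBC call throws. The original closed
        // them only on the success path.
        try (Connection con = DriverManager.getConnection(DBURL, DBUSER, DBPASS);
             PreparedStatement ps = con.prepareStatement(sql)) {
            // Fuzzy match: the wildcards are added here, around the escaped keyword.
            ps.setString(1, "%" + escapeLike(keyword) + "%");
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    int id = rs.getInt("id");
                    String name = rs.getString("name");
                    int age = rs.getInt("age");
                    String sex = rs.getString("sex");
                    java.util.Date date = rs.getDate("birthday");

                    System.out.println("id" + id);
                    System.out.println("姓名:" + name);
                    // Never echo credentials to stdout or logs; print a mask instead.
                    // NOTE(review): the original read this column as an int, which
                    // suggests it is stored in clear - confirm, and store a salted
                    // password hash (bcrypt/scrypt/argon2) instead.
                    System.out.println("密码:******");
                    System.out.println("年龄" + age);
                    System.out.println("性别:" + sex);
                    System.out.println("生日" + date);
                }
            }
        }
    }
}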