连接数据库

下载mysql-connector-java，这里我是看的这个连接mysql-connector-java下载。
下载后并且导入了Idea中的lib文件下。

导入成功后，为了验证可以通过CTRL+n来搜索Driver看看有没有添加进来。

随后在MySQL中创建一个数据库，我这里直接使用的是Navicat，创建了一个java_learn的数据库

在测试类中的测试代码
参考文档元动力

package com;import org.junit.Test;import java.sql.Connection;
import java.sql.Driver;
import java.sql.DriverManager;
import java.sql.SQLException;public class TestJDBC {@Testpublic void testConnnection1() throws SQLException {//定义要素String driverName="com.mysql.cj.jdbc.Driver";//后面加上时区String url="jdbc:mysql://127.0.0.1:3306/java_learn?serverTimezone=GMT%2B8";String username="root";String password="200625";//加载驱动Driver driver= new com.mysql.cj.jdbc.Driver();//注册驱动DriverManager.registerDriver(driver);//获取连接Connection connection=DriverManager.getConnection(url,username,password);System.out.println(connection);}
}//输出
com.mysql.cj.jdbc.ConnectionImpl@1de76cc7

如上，就说明了数据库连接成功。

也可以更加简洁如下

    @Testpublic void testConnnection2() throws SQLException {//定义要素String driverName="com.mysql.cj.jdbc.Driver";//后面加上时区String url="jdbc:mysql://127.0.0.1:3306/java_learn?serverTimezone=GMT%2B8";String username="root";String password="200625";//加载驱动//new com.mysql.cj.jdbc.Driver();//jdk会默认创建，也可以去掉下面的代码Class.forName(driverName);//获取连接Connection connection=DriverManager.getConnection(url,username,password);System.out.println(connection);}

如果在上面不创建 Class.forName(driverName);这个类的话，会通过SPI自动创建，如下的源码。

其中会自动读取下面文件中的内容

访问数据库

package com.entity;import java.util.Date;public class User {private int id;private String username;private String password;private Date data;public int getId() {return id;}public void setId(int id) {this.id = id;}public String getUsername() {return username;}public void setUsername(String username) {this.username = username;}public String getPassword() {return password;}public void setPassword(String password) {this.password = password;}public Date getData() {return data;}public void setData(Date data) {this.data = data;}@Overridepublic String toString() {return "User{" +"id=" + id +", username='" + username + '\'' +", password='" + password + '\'' +", data=" + data +'}';}
}

 @Testpublic void testStatement2() throws SQLException {//定义要素String driverName="com.mysql.cj.jdbc.Driver";//后面加上时区String url="jdbc:mysql://127.0.0.1:3306/java_learn?serverTimezone=GMT%2B8";String username="root";String password="200625";//让jvm加载一下就行了//Class.forName(driverName);//获取连接Connection connection= DriverManager.getConnection(url,username,password);System.out.println(connection);Statement statement=connection.createStatement();String sql="select * from user_sql";ResultSet resultSet = statement.executeQuery(sql);System.out.println(resultSet);ArrayList<User> users=new ArrayList<>();while(resultSet.next()){User user =new User();int id = resultSet.getInt(1);String name =resultSet.getString(2);String password_sql=resultSet.getString(3);Date birthday=resultSet.getDate(4);user.setId(id);user.setUsername(name);user.setPassword(password_sql);user.setData(birthday);users.add(user);}System.out.println(users);}

优化代码

@Testpublic void testStatement3() throws SQLException {//定义要素String driverName="com.mysql.cj.jdbc.Driver";//后面加上时区String url="jdbc:mysql://127.0.0.1:3306/java_learn?useUnicode=true&characterEncoding=utf8&useSSL=false&serverTimezone=Asia/Shanghai";String username="root";String password="200625";String sql="select * from user_sql";Connection conn=null;Statement statement =null;ResultSet resultSet = null;try{Driver driver=new com.mysql.cj.jdbc.Driver();DriverManager.registerDriver(driver);conn = DriverManager.getConnection(url,username,password);statement =conn.createStatement();resultSet=statement.executeQuery(sql);ArrayList<User> users=new ArrayList<>();while(resultSet.next()){User user =new User();int id = resultSet.getInt(1);String name =resultSet.getString(2);String password_sql=resultSet.getString(3);Date birthday=resultSet.getDate(4);user.setId(id);user.setUsername(name);user.setPassword(password_sql);user.setData(birthday);users.add(user);}System.out.println(users);}catch (Exception exception){exception.printStackTrace();}finally {if(conn!=null){try{conn.close();}catch (SQLException e){e.printStackTrace();}}if(statement!=null){try{statement.close();}catch (SQLException e){e.printStackTrace();}}if(resultSet!=null){try{resultSet.close();}catch (SQLException e){e.printStackTrace();}}}}

进一步进行优化
对函数进行封装

package com.util;import java.sql.*;public class DBUtil {public static Connection getConnection(){String url="jdbc:mysql://127.0.0.1:3306/java_learn?useUnicode=true&characterEncoding=utf8&useSSL=false&serverTimezone=Asia/Shanghai";String username="root";String password="200625";String sql="select * from user_sql";Connection conn=null;Statement statement =null;ResultSet resultSet = null;try{Driver driver = new com.mysql.cj.jdbc.Driver();DriverManager.registerDriver(driver);return DriverManager.getConnection(url, username, password);}  catch (Exception exception){exception.printStackTrace();}return null;}public static void closeAll(Connection conn,Statement statement,ResultSet resultSet){if(conn!=null){try{conn.close();}catch (SQLException e){e.printStackTrace();}}if(statement!=null){try{statement.close();}catch (SQLException e){e.printStackTrace();}}if(resultSet!=null){try{resultSet.close();}catch (SQLException e){e.printStackTrace();}}}}

 @Testpublic void testStatement3() throws SQLException {String sql="select * from user_sql";Connection conn=null;Statement statement =null;ResultSet resultSet = null;try{conn = DBUtil.getConnection();statement =conn.createStatement();resultSet=statement.executeQuery(sql);List<User> users=new ArrayList<>();while(resultSet.next()){User user =new User();int id = resultSet.getInt(1);String name =resultSet.getString(2);String password_sql=resultSet.getString(3);Date birthday=resultSet.getDate(4);user.setId(id);user.setUsername(name);user.setPassword(password_sql);user.setData(birthday);users.add(user);}System.out.println(users);}catch (Exception exception){exception.printStackTrace();}finally {DBUtil.closeAll(conn,statement,resultSet);}}

登录的例子

public static void main(String[] args) {//输入用户名和密码Scanner sc= new Scanner(System.in);System.out.println("请输入用户名：");String username = sc.nextLine();System.out.println("请输入密码：");String password=sc.nextLine();String sql = "select * from user_sql where name='"+username+"' and password = '"+password+"'";Connection conn = null;Statement statement = null;ResultSet resultSet = null;try{System.out.println("sql------>"+sql);conn=DBUtil.getConnection();statement=conn.createStatement();resultSet=statement.executeQuery(sql);if(resultSet.next()){System.out.println("登录成功");return;}else {System.out.println("登录失败");}} catch (SQLException throwables) {System.out.println("登录失败");throwables.printStackTrace();}finally {DBUtil.closeAll(conn,statement,resultSet);}}

//输出
请输入用户名：
root
请输入密码：
123
sql------>select * from user_sql where name=‘root’ and password = ‘123’
登录成功

但是其中也有很严重的问题，比如如下的例子：（sql注入，会绕开逻辑）
请输入用户名：
root
请输入密码：
132432423’ or 1='1
sql------>select * from user_sql where name=‘root’ and password = ‘132432423’ or 1=‘1’
登录成功

因为在输入密码的时候后面加上了or 1='1，使得sql代码执行了1=‘1’，这样就会导致结果是true。

PreparedStatement的使用

mysql的预编译：
通常我们发送一条SQL语句给MySQL服务器时，MySQL服务器每次都需要对这条SQL语句进行校验、解析等操作。
但是有很多情况下，我们的一条SQL语句可能需要反复的执行，每次执行可能仅仅是传递的参数不同而已，类似于这样的SQL语句如果每次都需要进行校验、解析等操作，未免太过于浪费性能了，因此产生了SQL语句的预编译。

所谓预编译就是将一些灵活的参数值以占位符?的形式给代替掉，我们把参数值给抽取出来，把SQL语句进行模板化。让MySQL服务器执行相同的SQL语句时，不需要在校验、解析SQL语句上面花费重复的时间。

-- 预编译 --
PREPARE statement from 'SELECT * FROM user_sql WHERE id=? and name=?';set @id=6;
set @name='root';execute statement using @id,@name;

查看mysql的通用查询日志。

show VARIABLES like '%general_log%'

发现其中的general_log是OFF，所以这里要增加一个打开的语句。

set GLOBAL general_log=1

如果其中要永久打开通用查询日志，需要在配置文件中进行修改，其中配置文件的路径是C:\ProgramData\MySQL\MySQL Server 8.0
打开其中的my.ini文件，并且将其中的general-log改为1

改为防止sql注入的方法

    public static void main(String[] args) {String sql = "select * from user_sql where id=?";Connection conn = null;PreparedStatement statement = null;ResultSet resultSet = null;try{System.out.println("sql------>"+sql);conn=DBUtil.getConnection();statement=conn.prepareStatement(sql);statement.setInt(1,3);resultSet=statement.executeQuery();ArrayList<User> users=new ArrayList<>();while(resultSet.next()){User user =new User();int id = resultSet.getInt(1);String name =resultSet.getString(2);String password_sql=resultSet.getString(3);Date birthday=resultSet.getDate(4);user.setId(id);user.setUsername(name);user.setPassword(password_sql);user.setData(birthday);users.add(user);}System.out.println(users);} catch (SQLException throwables) {throwables.printStackTrace();}finally {DBUtil.closeAll(conn,statement,resultSet);}}

改为登录的代码

public static void main(String[] args) {String sql = "select * from user_sql where id=? and password =?";Connection conn = null;PreparedStatement statement = null;ResultSet resultSet = null;try{System.out.println("sql------>"+sql);conn=DBUtil.getConnection();statement=conn.prepareStatement(sql);Scanner sc=new Scanner(System.in);System.out.println("请输入账号");int id_in=sc.nextInt();System.out.println("请输入密码");String psw=sc.next();statement.setInt(1,id_in);statement.setString(2,psw);resultSet=statement.executeQuery();User user =new User();if(resultSet.next()) {int id = resultSet.getInt(1);String name = resultSet.getString(2);String password_sql = resultSet.getString(3);Date birthday = resultSet.getDate(4);user.setId(id);user.setUsername(name);user.setPassword(password_sql);user.setData(birthday);System.out.println(user);}else {System.out.println("登录失败");}} catch (SQLException throwables) {throwables.printStackTrace();}finally {DBUtil.closeAll(conn,statement,resultSet);}}

注解，其中resultSet.next()的具体解释

boolean java.sql.ResultSet.next() throws SQLException Moves the cursor
forward one row from its current position. A ResultSet cursor is
initially positioned before the first row; the first call to the
method next makes the first row the current row; the second call makes
the second row the current row, and so on. When a call to the next
method returns false, the cursor is positioned after the last row. Any
invocation of a ResultSet method which requires a current row will
result in a SQLException being thrown. If the result set type is
TYPE_FORWARD_ONLY, it is vendor specified whether their JDBC driver
implementation will return false or throw anSQLException on a
subsequent call to next. If an input stream is open for the current
row, a call to the method next will implicitly close it. A ResultSet
object’s warning chain is cleared when a new row is read.

将指针移动到当前位置的下一行。
ResultSet指针的初始位置位于第一行之前；
第一次调用next()方法将会把第一行设置为当前行；
第二次调用next()方法指针移动到第二行，以此类推。
当对next()方法调用返回 false，说明此时指针位于最后一行之后。所有对 ResultSet需要使用当前行的方法[注:如getString()、getInt()等等]的调用都将导致next()方法抛出 SQLException异常。如果返回的 ResultSet 集合的类型被设置为 TYPE_FORWARD_ONLY ，会在随后对next()方法的调用中返回false 或抛出 SQLException 异常，因不同的数据库提供者的 JDBC 驱动实现而异。
如果为当前行打开了一个输入流，对next()方法的调用将会隐式地关闭它。 当新的一行读入时，ResultSet对象的警告链将被清空。

小结，PreparedStatement 有一下有点：

1、sql的可读性更强，参数更加灵活更加面向对象，不再是简单的拼接字符串。

2、sql会进行预编译，性能高，可以进行重复利用。

3、sql的预编译同样可以防止sql注入。

增删改查

首先创建如下类

创建一个用户类

package com.entity;import java.sql.Date;public class User {private Integer id;private String username;private String password;private Date date;public User() {}public User(Integer id, String username, String password, Date date) {this.id = id;this.username = username;this.password = password;this.date = date;}public Integer getId() {return id;}public void setId(Integer id) {this.id = id;}public String getUsername() {return username;}public void setUsername(String username) {this.username = username;}public String getPassword() {return password;}public void setPassword(String password) {this.password = password;}public Date getDate() {return date;}public void setDate(Date date) {this.date = date;}@Overridepublic String toString() {return "User{" +"id=" + id +", username='" + username + '\'' +", password='" + password + '\'' +", date=" + date +'}';}
}

写一个接口

package com.dao;import com.entity.User;import java.util.List;public interface UserDao {/*** 插入数据* @param user 用户实例* @return 受影响的行数*/int insertUser(User user);/*** 根据id删除用户* @param id* @return 受影响的行数*/int deleterUser(int id);/*** 修改用户* @param user 需要修改的用户* @return 修改后的用户*/int updateUser(User user);/*** 根据id选择用户* @param id* @return 结果*/User selectUser(int id);/*** 查询所有的用户* @return 用户列表*/List<User> selectAllUsers();}

对接口中的函数进行重写

package com.dao.impl;import com.dao.UserDao;
import com.entity.User;
import com.util.DBUtil;import java.sql.*;
import java.util.ArrayList;
import java.util.List;
import java.util.Scanner;public class UserDaoImpl implements UserDao {@Overridepublic int insertUser(User user) {String sql = "insert into user_sql(name,password,birthday) value(?,?,?)";Connection conn = null;PreparedStatement statement = null;ResultSet resultSet = null;try{System.out.println("sql------>"+sql);conn= DBUtil.getConnection();statement=conn.prepareStatement(sql);statement.setString(1,user.getUsername());statement.setString(2,user.getPassword());statement.setDate(3, new Date(new java.util.Date().getTime()));int rows=statement.executeUpdate();return rows;} catch (SQLException throwables) {throwables.printStackTrace();return -1;}finally {DBUtil.closeAll(conn,statement,null);}}@Overridepublic int deleterUser(int id) {String sql = "delete from user_sql where id=?";Connection conn = null;PreparedStatement statement = null;ResultSet resultSet = null;try{System.out.println("sql------>"+sql);conn= DBUtil.getConnection();statement=conn.prepareStatement(sql);statement.setInt(1, id);int rows=statement.executeUpdate();return rows;} catch (SQLException throwables) {throwables.printStackTrace();return -1;}finally {DBUtil.closeAll(conn,statement,null);}}@Overridepublic int updateUser(User user) {String sql = "update user_sql set name =?,password=?,birthday=? where id=? ";Connection conn = null;PreparedStatement statement = null;ResultSet resultSet = null;try{System.out.println("sql------>"+sql);conn= DBUtil.getConnection();statement=conn.prepareStatement(sql);statement.setString(1,user.getUsername());statement.setString(2,user.getPassword());statement.setDate(3,  user.getDate());statement.setInt(4,user.getId());return statement.executeUpdate();} catch (SQLException throwables) {throwables.printStackTrace();return 0;}finally {DBUtil.closeAll(conn,statement,null);}}@Overridepublic User selectUser(int id) {String sql = "select * from user_sql where id=?";Connection conn = null;PreparedStatement statement = null;ResultSet resultSet = null;try{System.out.println("sql------>"+sql);conn= DBUtil.getConnection();statement=conn.prepareStatement(sql);statement.setInt(1,id);resultSet=statement.executeQuery();User user =new User();if(resultSet.next()) {String name = resultSet.getString("name");String password_sql = resultSet.getString("password");Date birthday = resultSet.getDate("birthday");user.setId(id);user.setUsername(name);user.setPassword(password_sql);user.setDate(birthday);return user;}else {return null;}} catch (SQLException throwables) {throwables.printStackTrace();return null;}finally {DBUtil.closeAll(conn,statement,resultSet);}}@Overridepublic List<User> selectAllUsers() {String sql = "select id,name,password,birthday from user_sql";Connection conn = null;PreparedStatement statement = null;ResultSet resultSet = null;List<User> L=new ArrayList<>();try{System.out.println("sql------>"+sql);conn= DBUtil.getConnection();statement=conn.prepareStatement(sql);resultSet=statement.executeQuery();while (resultSet.next()) {User user =new User();int id=resultSet.getInt(1);String name = resultSet.getString(2);String password_sql = resultSet.getString(3);Date birthday = resultSet.getDate(4);user.setId(id);user.setUsername(name);user.setPassword(password_sql);user.setDate(birthday);L.add(user);}} catch (SQLException throwables) {throwables.printStackTrace();}finally {DBUtil.closeAll(conn,statement,resultSet);}return L;}
}

增删改查测试

    @Testpublic  void TestInsert() {User user =new User(null,"lym","123",new Date(new java.util.Date().getTime()));UserDao userDao=new UserDaoImpl();userDao.insertUser(user);}@Testpublic  void TestDelete() {int id=11;//打算删除的用户UserDao userDao=new UserDaoImpl();userDao.deleterUser(11);}@Testpublic  void TestUpdate() {User user =new User(8,"lym","123",new Date(new java.util.Date().getTime()));UserDao userDao=new UserDaoImpl();userDao.updateUser(user);}@Testpublic  void TestSelect() {UserDao userDao=new UserDaoImpl();User user=userDao.selectUser(3);System.out.println(user);}@Testpublic  void TestSelectAll() {UserDao userDao=new UserDaoImpl();List<User> L=userDao.selectAllUsers();System.out.println(L);}