Procedures for database operations are basically add, delete and modify, but we generally do not use deletion, the main reason is that in large-scale development, we delete statements only change the value of a field to hide it, so that we can retain all the information of users, and then analysis, or avoid some unnecessary trouble.
DML: Data Manipulation Language, Data Manipulation Language. Generally, it includes INSERT, UPDATE and DELETE.
The difference between database operation Statement and reparedStatement interface
Statement: An object used to execute a static SQL statement and return the results it generates. The SQL statements he executes need to be spliced. On the one hand, they are difficult to write, and on the other hand, they are insecure, which can easily cause SQL injection.
PreparedStatement: Object representing a precompiled sql statement. PreparedStatement interface is a sub-interface of Statement interface, so it has more characteristics than Statement. The sql statements executed by him can be represented by placeholders, which greatly simplifies the writing of sql statements, and can effectively prevent sql statement injection.
To sum up, we usually use Prepared Statement instead of Statement.
executeUpdate(): Execute a given SQL statement, which must be a Data Manipulation Language (DML) statement, or an SQL statement with no return content, such as a DDL statement.
Insertion with Statement
public class Jdbcsta {
public static void main(String[] args){
Connection conn =null;
Statement stmt = null;
try{
Class.forName("com.mysql.jdbc.Driver"); //Build drive
conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/studemo","root","root");//Establish connection
stmt = conn.createStatement();//Create statement
String sql="insert into stu() values ("+args[0]+",'"+args[1]+"','"+args[2]+"')";
// Statement splicing statements are too cumbersome
System.out.println(sql);
stmt.executeUpdate(sql);//Execution statement
}catch(ClassNotFoundException e){
e.printStackTrace();
}catch(SQLException e){
e.printStackTrace();
}finally{
try{
if(stmt!=null){stmt.close();stmt=null;}
if(conn!=null){conn.close();conn=null;}
}catch(SQLException e){
e.printStackTrace();
}
}
}
}
Insertion with PreparedStatement
public class JdbcPresta {
public static void main(String[] args){
Connection conn =null;
PreparedStatement ptmt= null;
try{
Class.forName("com.mysql.jdbc.Driver"); //Build drive
conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/studemo","root","root");//Establish connection
ptmt = conn.prepareStatement("insert into stu values (?,?,?)");
// preparedStatement is directly precompiled and placeholder can effectively prevent sql injection
int id=0;
try {
id = Integer.parseInt(args[0]);
} catch (NumberFormatException e) {
// TODO Auto-generated catch block
System.out.println("Parameter type error");
System.exit(-1);
}
ptmt.setInt(1, id); // Placeholder parameter settings, one parameter for the current number of placeholders, two parameters for the value passed
ptmt.setString(2, args[1]);
ptmt.setString(3, args[2]);
ptmt.executeUpdate();
}catch(ClassNotFoundException e){
e.printStackTrace();
}catch(SQLException e){
e.printStackTrace();
}finally{
try{
if(ptmt!=null){ptmt.close();ptmt=null;}
if(conn!=null){conn.close();conn=null;}
}catch(SQLException e){
e.printStackTrace();
}
}
}
}