JDBC Review 2 Prepared Statement and Statement

Keywords: SQL MySQL JDBC Database

Procedures for database operations are basically add, delete and modify, but we generally do not use deletion, the main reason is that in large-scale development, we delete statements only change the value of a field to hide it, so that we can retain all the information of users, and then analysis, or avoid some unnecessary trouble.

DML: Data Manipulation Language, Data Manipulation Language. Generally, it includes INSERT, UPDATE and DELETE.

The difference between database operation Statement and reparedStatement interface
Statement: An object used to execute a static SQL statement and return the results it generates. The SQL statements he executes need to be spliced. On the one hand, they are difficult to write, and on the other hand, they are insecure, which can easily cause SQL injection.
PreparedStatement: Object representing a precompiled sql statement. PreparedStatement interface is a sub-interface of Statement interface, so it has more characteristics than Statement. The sql statements executed by him can be represented by placeholders, which greatly simplifies the writing of sql statements, and can effectively prevent sql statement injection.

To sum up, we usually use Prepared Statement instead of Statement.

executeUpdate(): Execute a given SQL statement, which must be a Data Manipulation Language (DML) statement, or an SQL statement with no return content, such as a DDL statement.

Insertion with Statement

public class Jdbcsta {

    public static void main(String[] args){
        Connection conn =null;
        Statement stmt = null;

        try{
            Class.forName("com.mysql.jdbc.Driver"); //Build drive
            conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/studemo","root","root");//Establish connection

            stmt = conn.createStatement();//Create statement

            String sql="insert into stu() values ("+args[0]+",'"+args[1]+"','"+args[2]+"')"; 
            //  Statement splicing statements are too cumbersome
            System.out.println(sql);
            stmt.executeUpdate(sql);//Execution statement
            }catch(ClassNotFoundException e){
                e.printStackTrace();
            }catch(SQLException e){
                e.printStackTrace();
            }finally{
                try{
                if(stmt!=null){stmt.close();stmt=null;}
                if(conn!=null){conn.close();conn=null;}
                }catch(SQLException e){
                e.printStackTrace();                
                }
            }

        }  
    }

Insertion with PreparedStatement

public class JdbcPresta {

    public static void main(String[] args){
        Connection conn =null;
        PreparedStatement ptmt= null;

        try{
            Class.forName("com.mysql.jdbc.Driver"); //Build drive
            conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/studemo","root","root");//Establish connection


           ptmt = conn.prepareStatement("insert into stu values (?,?,?)"); 
           //  preparedStatement is directly precompiled and placeholder can effectively prevent sql injection
           int id=0;
            try {
                id = Integer.parseInt(args[0]);
            } catch (NumberFormatException e) {
                // TODO Auto-generated catch block
                System.out.println("Parameter type error");
                System.exit(-1);
            }

          ptmt.setInt(1, id);  //  Placeholder parameter settings, one parameter for the current number of placeholders, two parameters for the value passed
          ptmt.setString(2, args[1]);
          ptmt.setString(3, args[2]);
          ptmt.executeUpdate();


            }catch(ClassNotFoundException e){
                e.printStackTrace();
            }catch(SQLException e){
                e.printStackTrace();
            }finally{
                try{
                if(ptmt!=null){ptmt.close();ptmt=null;}
                if(conn!=null){conn.close();conn=null;}
                }catch(SQLException e){
                e.printStackTrace();                
                }
            }

        }  
    }

Posted by leszczu on Sun, 07 Apr 2019 17:57:30 -0700