JDBC API details

DriverManager

●DriverManager( Driver management ） effect ：
1. Registration drive
2. Get database connection

Connection

●Connection( Database connection object ） effect ：
1. Access to perform SQL The object of
2. Manage affairs

import java.sql.*;

public class transaction {
    
    public static void main(String[] args) throws Exception {
    
        Class.forName("com.mysql.cj.jdbc.Driver");
        Connection conn= DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/test","root","123456");
        String sql1="update offer set money=money+500 where Name=' Zhang San '";
        String sql2="update offer set money=money-500 where Name=' Li Si '";
        Statement sta=conn.createStatement();
        try {
    
            conn.setAutoCommit(false);
            int count1=sta.executeUpdate(sql1);
            System.out.println(" Currently affected rows ："+count1);
            int count2=sta.executeUpdate(sql2);
            System.out.println(" Currently affected rows ："+count2);
            conn.commit();
        } catch (SQLException throwables) {
    
            conn.rollback();
            throwables.printStackTrace();
        }
        sta.close();
        conn.close();
    }
}

Statement

●Statement effect ：
1. perform SQL sentence

ResultSet

●ResultSet( Result set object ) effect ：
1. Encapsulates the DQL The result of the query statement

● Use steps ：

●ResultSet Case study ：
demand ： Inquire about account Account table data , Encapsulated in the Account In the object , And store it in ArrayList Collection

PreparedStatement

●PreparedStatement effect ：
1. precompile SQL Statement and execute ： The prevention of SQL Inject problem

●SQL Inject
*SQL Injection is to modify pre-defined by operating input SQL sentence , The method used to execute code to attack the server .
eg:（ Fill in the user name of a login page casually , Password write a special script to login successfully . Such a system is very unsafe , You can attack after logging in , You can do whatever you want in the system ）

import java.sql.*;
import java.util.Scanner;

public class JDBCdemo {
    
    public static void main(String[] args) throws Exception {
    
       //1. Registration drive 
        Class.forName("com.mysql.cj.jdbc.Driver");
        //2. Get the connection 
       Connection conn=DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/test","root","123456");
        //3. Accept user input 
        Scanner in=new Scanner(System.in);
        System.out.println(" Please enter a user name ");
        String name=in.next();
        System.out.println(" Please input a password ");
        String password=in.next();

        String sql="select * from user where u_name=? and u_password=?";

        //4. obtain Statement object 
        PreparedStatement sta=conn.prepareStatement(sql);
        sta.setString(1,name);
        sta.setString(2,password);
        //5. perform SQL obtain ResultSet  Object result set 
        ResultSet re=sta.executeQuery();
         if(re.next()){
    
             System.out.println(" Login successful ");
         }else{
    
             System.out.println(" Login failed ");
         }
         re.close();
         sta.close();
         conn.close();
    }
}

How to solve SQL Injection problem ？：（ adopt PreparedStatement Object to solve ）
*PreparedStatement principle