sqlパラメータ


SQL文にパラメータを渡すときは、必ず方法2（PreparedStatement の `?` プレースホルダ＋ `setString` など）を使うこと。方法1のように文字列を直接連結してSQL文を組み立ててはいけない。`tom's` のような値だけで文が壊れるうえ、値が外部入力ならSQLインジェクションを許してしまう。
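/**
 * Demonstrates the safe way to pass a value into a JDBC query.
 *
 * Method 1 (shown only as a comment below) builds the SQL text by string
 * concatenation. The literal {@code tom's} already produces a malformed
 * statement, and if the value came from a user it could inject arbitrary SQL.
 * Method 2 uses a {@code ?} placeholder and {@link PreparedStatement#setString},
 * so the driver transmits the value separately from the statement text and it
 * can never change the structure of the query.
 *
 * @param args unused
 * @throws SQLException           if connecting or executing the query fails
 * @throws ClassNotFoundException if the MySQL driver class is not on the classpath
 */
public static void main(String[] args) throws SQLException,
        ClassNotFoundException {
    String url = "jdbc:mysql://localhost:3306/test";
    String username = "root";
    // NOTE(review): credentials are hard-coded here only because this is a demo.
    // In real code load them from configuration or the environment and never
    // commit them to source control; also avoid running the application as root.
    String password = "zhchx";
    // Explicit driver registration is only required for pre-JDBC 4 drivers;
    // with a JDBC 4+ driver on the classpath DriverManager finds it automatically.
    Class.forName("com.mysql.jdbc.Driver");

    // Method 1 -- UNSAFE, kept only to show what NOT to do:
    //   String sql = "SELECT * FROM STUDENT T WHERE T.NAME=" + names;
    // The value becomes part of the SQL text: "tom's" breaks the statement, and
    // an attacker-controlled value could append arbitrary SQL (SQL injection).

    // Method 2 -- parameterized query. The value is bound to the placeholder and
    // is never parsed as SQL, regardless of quotes or keywords it contains.
    String names = "tom's";
    String sql = "SELECT * FROM STUDENT T WHERE T.NAME=?";
    // try-with-resources closes the ResultSet, PreparedStatement and Connection
    // (in reverse order) even when an exception is thrown; the original code
    // never closed any of them and leaked the connection.
    try (Connection conn = DriverManager.getConnection(url, username, password);
         PreparedStatement pstmt = conn.prepareStatement(sql)) {
        pstmt.setString(1, names);
        try (ResultSet rs = pstmt.executeQuery()) {
            while (rs.next()) {
                String name = rs.getString("NAME");
                Date date = rs.getDate("birthday");
                System.out.println(name + ":" + date);
            }
        }
    }
}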