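1 SQL Overview
SQL (Structured Query Language) is a language designed specifically for communicating with databases. It covers data querying, data manipulation, data definition, and data control.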
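2 Basic SQL Operations
The basic SQL operations are:
- Query (SELECT): retrieves data from the database.
- Insert (INSERT): adds new data to a database table.
- Update (UPDATE): modifies data in a database table.
- Delete (DELETE): removes data from a database table.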
3 Executing SQL Queries
In Java, you can use JDBC to execute SQL queries and process the returned result set.
Example code (query):
```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;

public class SqlQueryExample {
    public static void main(String[] args) {
        String url = "jdbc:mysql://localhost:3306/mydatabase";
        String user = "user";
        String password = "password";
        // try-with-resources closes the connection, statement and result set
        try (Connection conn = DriverManager.getConnection(url, user, password);
             Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery("SELECT * FROM customers")) {
            while (rs.next()) {
                // Read field values by column name
                String name = rs.getString("name");
                int age = rs.getInt("age");
                System.out.println("Name: " + name + ", Age: " + age);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```
4 Executing SQL Inserts
Use an SQL INSERT statement to add new records to the database.
Example code (insert):
```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;

public class SqlInsertExample {
    public static void main(String[] args) {
        String url = "jdbc:mysql://localhost:3306/mydatabase";
        String user = "user";
        String password = "password";
        try (Connection conn = DriverManager.getConnection(url, user, password);
             Statement stmt = conn.createStatement()) {
            String sql = "INSERT INTO customers (name, age) VALUES ('John Doe', 30)";
            // executeUpdate returns the number of affected rows
            int rowsInserted = stmt.executeUpdate(sql);
            if (rowsInserted > 0) {
                System.out.println("A new customer was inserted successfully!");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```
5 Executing SQL Updates
Use an SQL UPDATE statement to modify data in the database.
Example code (update):
```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;

public class SqlUpdateExample {
    public static void main(String[] args) {
        String url = "jdbc:mysql://localhost:3306/mydatabase";
        String user = "user";
        String password = "password";
        try (Connection conn = DriverManager.getConnection(url, user, password);
             Statement stmt = conn.createStatement()) {
            String sql = "UPDATE customers SET age = 31 WHERE name = 'John Doe'";
            // executeUpdate returns the number of affected rows
            int rowsUpdated = stmt.executeUpdate(sql);
            if (rowsUpdated > 0) {
                System.out.println("Customer's age was updated successfully!");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```
6 Executing SQL Deletes
Use an SQL DELETE statement to remove data from the database.
Example code (delete):
```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;

public class SqlDeleteExample {
    public static void main(String[] args) {
        String url = "jdbc:mysql://localhost:3306/mydatabase";
        String user = "user";
        String password = "password";
        try (Connection conn = DriverManager.getConnection(url, user, password);
             Statement stmt = conn.createStatement()) {
            String sql = "DELETE FROM customers WHERE name = 'John Doe'";
            // executeUpdate returns the number of affected rows
            int rowsDeleted = stmt.executeUpdate(sql);
            if (rowsDeleted > 0) {
                System.out.println("Customer was deleted successfully!");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```
7 Transaction Management
In Java, you can use JDBC to manage database transactions and so ensure the integrity and consistency of the data.
Example code (transaction):
```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;

public class SqlTransactionExample {
    public static void main(String[] args) {
        String url = "jdbc:mysql://localhost:3306/mydatabase";
        String user = "user";
        String password = "password";
        try (Connection conn = DriverManager.getConnection(url, user, password)) {
            conn.setAutoCommit(false); // Begin the transaction
            try (Statement stmt = conn.createStatement()) {
                // Perform some database operations...
                stmt.executeUpdate("UPDATE customers SET age = 32 WHERE name = 'John Doe'");
                conn.commit(); // Commit the transaction
            } catch (Exception e) {
                conn.rollback(); // Roll back the transaction
                throw e;
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```
8 SQL Injection Protection
To prevent SQL injection attacks, avoid building SQL statements by direct string concatenation and use PreparedStatement to parameterize queries.
Example code (using PreparedStatement to prevent SQL injection):
```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

public class SqlInjectionProtectionExample {
    public static void main(String[] args) {
        String url = "jdbc:mysql://localhost:3306/mydatabase";
        String user = "user";
        String password = "password";
        String name = "' OR '1'='1"; // Malicious input
        try (Connection conn = DriverManager.getConnection(url, user, password);
             PreparedStatement pstmt = conn.prepareStatement("SELECT * FROM customers WHERE name = ?")) {
            // The input is bound as a value and never parsed as SQL
            pstmt.setString(1, name);
            try (ResultSet rs = pstmt.executeQuery()) {
                while (rs.next()) {
                    // Process the result set
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```
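The following added example (not part of the original tutorial) puts the concatenated query next to the parameterized one for the same malicious input, and goes one step further by handling a sort column, which cannot be bound with `?` and is therefore checked against an allow-list. The class name, the method names `countUnsafe` and `countSafe`, and the `SORTABLE` set are hypothetical; the database, credentials and `customers` table are assumed to be the ones used throughout this section.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Set;

public class SqlInjectionComparison {
    // Hypothetical allow-list: identifiers cannot be bound with "?".
    private static final Set<String> SORTABLE = Set.of("name", "age");

    // Vulnerable: the input becomes part of the SQL text itself.
    static int countUnsafe(Connection conn, String name) throws SQLException {
        String sql = "SELECT * FROM customers WHERE name = '" + name + "'";
        try (Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery(sql)) {
            int n = 0;
            while (rs.next()) n++;
            return n;
        }
    }

    // Hardened: the value is bound as data; the sort column must be on the allow-list.
    static int countSafe(Connection conn, String name, String orderBy) throws SQLException {
        if (!SORTABLE.contains(orderBy)) {
            throw new IllegalArgumentException("Unsupported sort column");
        }
        String sql = "SELECT * FROM customers WHERE name = ? ORDER BY " + orderBy;
        try (PreparedStatement pstmt = conn.prepareStatement(sql)) {
            pstmt.setString(1, name);
            try (ResultSet rs = pstmt.executeQuery()) {
                int n = 0;
                while (rs.next()) n++;
                return n;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        String url = "jdbc:mysql://localhost:3306/mydatabase";
        String input = "' OR '1'='1"; // The malicious input from the example above
        try (Connection conn = DriverManager.getConnection(url, "user", "password")) {
            System.out.println("Concatenated query matched rows: " + countUnsafe(conn, input));
            System.out.println("Parameterized query matched rows: " + countSafe(conn, input, "name"));
        }
    }
}
```

With the concatenated query the WHERE clause becomes always true and every row in `customers` is counted; with the parameterized query only rows whose name is literally that string are counted.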
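After working through this section, you should have a solid understanding of how SQL interacts with databases. SQL is an essential tool for managing the data in a database, and Java provides the ability to interact with databases in SQL through JDBC. Mastering these skills helps you manage the data in your database effectively, much like managing Java's treasure. In the next section, we will look at transaction processing, which is key to ensuring the atomicity, consistency, isolation, and durability of database operations.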