Key points:
0. Secure development - JavaEE - Build tool - Maven
1. Secure development - JavaEE - ORM framework - JDBC
2. Secure development - JavaEE - ORM framework - MyBatis
3. Secure development - JavaEE - ORM framework - Hibernate
4. Secure development - JavaEE - ORM framework - SQL injection & prepared statements

I. Demo case: Web development - JavaEE - Build tool - Maven
Configure Maven in IDEA (it installs dependencies, much like pip does for Python).
Reference: https://blog.csdn.net/cxy2002cxy/article/details/144809310
II. Demo case: Web development - JavaEE - ORM framework - JDBC (native JavaEE)
Reference: https://www.jianshu.com/p/ed1a59750127
1. Add the dependency (pom.xml)
The Java MySQL connector, used to connect to a MySQL database; look it up at https://mvnrepository.com/
2. Register the database driver
```java
// Legacy Connector/J class name; Connector/J 8 uses com.mysql.cj.jdbc.Driver (as in the framework configs below)
Class.forName("com.mysql.jdbc.Driver");
```
3. Establish the database connection
```java
String url = "jdbc:mysql://localhost:3306/phpstudy";
Connection connection = DriverManager.getConnection(url, "root", "123456");
```
4. Create a Statement and execute the SQL
```java
Statement statement = connection.createStatement();
ResultSet resultSet = statement.executeQuery(sql);
```
5. Extract the results from the ResultSet
```java
while (resultSet.next()) {
    int id = resultSet.getInt("id");
    String page_title = resultSet.getString("page_title");
    // .......
}
```
SQL injection example:
Safe form (prepared statement): PreparedStatement
```java
// Safe form (prepared statement): the statement text is fixed; whatever is supplied
// for the parameter cannot change the statement itself
"select * from admin where id=?"
```
Unsafe form (string concatenation)
```java
"select * from admin where id=" + id
```
III. Demo case: Web development - JavaEE - ORM framework - Hibernate
Use AI to help write a sample case.
1. Add the dependencies (pom.xml)
hibernate-core, mysql-connector-java
2. Hibernate configuration file (database access)
src/main/resources/hibernate.cfg.xml
```xml
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE hibernate-configuration PUBLIC
"-//Hibernate/Hibernate Configuration DTD 3.0//EN"
"http://www.hibernate.org/dtd/hibernate-configuration-3.0.dtd">
<hibernate-configuration>
<session-factory>
<!-- Database connection settings ("&" must be written as "&amp;" inside XML) -->
<property name="hibernate.connection.driver_class">com.mysql.cj.jdbc.Driver</property>
<property name="hibernate.connection.url">jdbc:mysql://localhost:3306/phpstudy?useUnicode=true&amp;characterEncoding=UTF-8&amp;serverTimezone=UTC</property>
<property name="hibernate.connection.username">root</property>
<property name="hibernate.connection.password">123456</property>
<!-- Database dialect -->
<property name="hibernate.dialect">org.hibernate.dialect.MySQL8Dialect</property>
<!-- Print the generated SQL statements -->
<property name="hibernate.show_sql">true</property>
<!-- Automatically update the table schema -->
<property name="hibernate.hbm2ddl.auto">update</property>
<!-- Mapped entity class -->
<mapping class="com.example.entity.User"/>
</session-factory>
</hibernate-configuration>
```

3. Develop the mapped entity class
Used to hold the retrieved data:
src/main/java/com/example/entity/User.java

4. Hibernate utility class
Used by the code that works with Hibernate:
src/main/java/com/example/util/HibernateUtil.java

5. Servlet that receives the request (the SQL execution code lives here)
src/main/java/com/example/servlet/UserQueryServlet.java

SQL injection example:
Safe form (named parameter bound separately)
```java
String hql = "FROM User WHERE username=:username";
```
Unsafe form (string concatenation)
```java
String hql = "FROM User WHERE username='" + username + "'";
```
IV. Demo case: Web development - JavaEE - ORM framework - MyBatis
1. Add the dependencies (pom.xml)
mybatis, mysql-connector-java
2. MyBatis configuration file (database account and password)
src/main/resources/mybatis-config.xml
```xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE configuration
PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
<environments default="development">
<environment id="development">
<transactionManager type="JDBC"/>
<dataSource type="POOLED">
<property name="driver" value="com.mysql.cj.jdbc.Driver"/>
<property name="url" value="jdbc:mysql://localhost:3306/phpstudy?serverTimezone=UTC"/>
<property name="username" value="root"/>
<property name="password" value="123456"/>
</dataSource>
</environment>
</environments>
<mappers>
<mapper resource="AdminMapper.xml"/>
</mappers>
</configuration>
```

3. Create AdminMapper.xml (executes the SQL statement)
src/main/resources/AdminMapper.xml
```xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.example.jdbcdemo43.mapper.AdminMapper">
<!-- #{id} is bound as a prepared-statement parameter, not pasted into the SQL text -->
<select id="selectAdminById" resultType="com.example.jdbcdemo43.model.Admin">
SELECT * FROM admin WHERE id = #{id}
</select>
</mapper>
```

4. Create the data entity class (holds the data)
com/example/mybatisdemo43/model/Admin.java
5. Create the mapper class (triggers the query)
com/example/mybatisdemo43/mapper/AdminMapper.java
6. Create the servlet class (receives the request value and responds with the result)
com/example/mybatisdemo43/servlet/SelectServlet.java

SQL injection example
Safe form (#{} binds the value as a parameter)
```sql
select * from admin where id = #{id}
```
Unsafe form (${} substitutes the raw text into the statement)
```sql
select * from admin where id = ${id}
```
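The three safe/unsafe pairs above (JDBC `?` vs concatenation in II, HQL `:username` vs concatenation in III, MyBatis `#{id}` vs `${id}` in IV) all come down to the same distinction, shown here in plain JDBC as an added example that is not from the original notes or from any of the projects they reference; the `AdminLookup` class, the `parseAdminId` helper and the `admin` table's `id` column are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class AdminLookup {
    // Unsafe: the request value is pasted into the SQL text and can change the
    // statement's structure (same defect as MyBatis ${id} or string-built HQL).
    static String buildUnsafeSql(String id) {
        return "select * from admin where id=" + id;
    }

    // Safe: the SQL text is fixed at prepare time and the value travels separately
    // as a bound parameter, which is what JDBC "?", HQL ":username" and MyBatis
    // "#{id}" all compile down to.
    static final String SAFE_SQL = "select * from admin where id=?";

    // Defence in depth: an admin id must be an integer, so reject anything else
    // before it reaches the database at all (hypothetical helper).
    static int parseAdminId(String id) {
        return Integer.parseInt(id.trim());
    }

    static List<Integer> findSafe(Connection conn, String id) throws SQLException {
        int adminId = parseAdminId(id);
        List<Integer> ids = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(SAFE_SQL)) {
            ps.setInt(1, adminId);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) ids.add(rs.getInt("id"));
            }
        }
        return ids;
    }

    public static void main(String[] args) {
        String input = "1 OR 1=1"; // constructed request value, not a valid id
        System.out.println("unsafe text sent to MySQL: " + buildUnsafeSql(input));
        System.out.println("safe text sent to MySQL:   " + SAFE_SQL + "  (id bound separately)");
        try {
            parseAdminId(input);
        } catch (NumberFormatException e) {
            System.out.println("safe path rejected the value before any query ran");
        }
    }
}
```

`main` runs without a database and only compares the statement texts; `findSafe` needs a real `Connection` to the `phpstudy` database from the sections above.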