问题描述:
连接数据库,执行SQL语句是必不可少的,下面给出了三种执行不通SQL语句的方法。
1.简单的Statement执行SQL语句。有SQL注入,一般不使用。
public static void testStatement() throws Exception{
Statement stm = null;
ResultSet rs = null;
DataBaseConn con = new DataBaseConn();
try{
stm = con.getMssqlConn().createStatement();
rs = stm.executeQuery("select top 1 * from tfixitem");
if(rs.next()){
System.out.println("testStatement测试,FIXITEM_CODE = " + rs.getString("FIXITEM_CODE"));
}
con.closeCon();
}catch(Exception e){
System.out.println(e.getMessage());
e.printStackTrace();
}
}
2.防止SQL注入的PreparedStatement执行SQL语句。
public static void testPreparedStatement(){
PreparedStatement pstm = null;
ResultSet rs = null;
DataBaseConn con = new DataBaseConn();
try{
pstm = con.getMssqlConn().prepareStatement("select * from tfixitem where fixitem_id = ?");
pstm.setInt(1, 2);
rs = pstm.executeQuery();
if(rs.next()){
System.out.println("testPreparedStatement测试,FIXITEM_CODE = " + rs.getString("FIXITEM_CODE"));
}
}catch(Exception e){
e.printStackTrace();
}
}
3.执行存储过程的CallableStatement执行存储过程SQL
public static void testCallableStatement(){
CallableStatement cstm = null;
ResultSet rs = null;
DataBaseConn con = new DataBaseConn();
try{
cstm = con.getMssqlConn().prepareCall("{call SP_QUERY_TFIXITEM(?,?,?,?,?,?,?,?)}");
cstm.setInt(1, 2);
cstm.setInt(2, 1);
cstm.setInt(3, 0);
cstm.setInt(4, 0);
cstm.setString(5, "");
cstm.setString(6, "");
cstm.setString(7, "");
cstm.setInt(8, 0);
rs = cstm.executeQuery();
if(rs.next()){
System.out.println("testCallableStatement测试,FIXITEM_CODE = " + rs.getString("FIXITEM_CODE"));
}
}catch(Exception e){
e.printStackTrace();
}
}
总结:执行简单SQL一般用preparedStatement,执行存储过程使用CallableStatement