JDBC 从入门到入库:查询、插入、更新、删除操作
一、JDBC 是什么?
JDBC(Java Database Connectivity)是 Java 连接数据库的规范,由一组接口和类组成。
不管你是 MySQL、Oracle 还是 SQL Server,写法基本一样,只要更换驱动和 URL 即可。
二、原生 JDBC 的标准 6 步
java
// 1. 加载数据库驱动(从 JDBC 4.0 开始可以省略,但建议保留)
Class.forName("com.mysql.cj.jdbc.Driver");
// 2. 建立连接
String url = "jdbc:mysql://localhost:3306/数据库名?serverTimezone=GMT%2B8&useSSL=false";
String user = "root";
String password = "123456";
Connection conn = DriverManager.getConnection(url, user, password);
// 3. 编写 SQL 语句(使用占位符 ?)
String sql = "SELECT * FROM user WHERE userId = ?";
// 4. 创建 PreparedStatement 并设置参数
PreparedStatement ps = conn.prepareStatement(sql);
ps.setInt(1, 1);
// 5. 执行 SQL,处理结果
ResultSet rs = ps.executeQuery(); // 查询用 executeQuery()
while (rs.next()) {
int id = rs.getInt("userId");
String name = rs.getString("userName");
// ... 处理
}
// 6. 关闭资源(逆序关闭)
rs.close();
ps.close();
conn.close();
三、CRUD 详细代码示例
- 查询(Retrieve)—— 查询用户列表
java
public ListfindAll() throws SQLException {
Listlist = new ArrayList<>();
String sql = "SELECT userId, userName, email, phone FROM user";
try (Connection conn = DBUtil.getConnection();
PreparedStatement ps = conn.prepareStatement(sql);
ResultSet rs = ps.executeQuery()) {
while (rs.next()) {
User u = new User();
u.setUserId(rs.getInt("userId"));
u.setUserName(rs.getString("userName"));
u.setEmail(rs.getString("email"));
u.setPhone(rs.getString("phone"));
list.add(u);
}
}
return list;
} - 插入(Create)—— 注册新用户
java
public int addUser(User user) throws SQLException {
String sql = "INSERT INTO user(userName, userPwd, email, phone) VALUES(?, ?, ?, ?)";
try (Connection conn = DBUtil.getConnection();
PreparedStatement ps = conn.prepareStatement(sql)) {
ps.setString(1, user.getUserName());
ps.setString(2, user.getUserPwd());
ps.setString(3, user.getEmail());
ps.setString(4, user.getPhone());
return ps.executeUpdate(); // 返回受影响的行数
}
} - 更新(Update)—— 修改用户密码
java
public int updatePassword(int userId, String newPwd) throws SQLException {
String sql = "UPDATE user SET userPwd = ? WHERE userId = ?";
try (Connection conn = DBUtil.getConnection();
PreparedStatement ps = conn.prepareStatement(sql)) {
ps.setString(1, newPwd);
ps.setInt(2, userId);
return ps.executeUpdate();
}
} - 删除(Delete)—— 删除用户
java
public int deleteUser(int userId) throws SQLException {
String sql = "DELETE FROM user WHERE userId = ?";
try (Connection conn = DBUtil.getConnection();
PreparedStatement ps = conn.prepareStatement(sql)) {
ps.setInt(1, userId);
return ps.executeUpdate();
}
}
四、为什么必须使用 PreparedStatement(防 SQL 注入)
错误示例(使用 Statement,危险!):
java
String name = request.getParameter("name");
Statement st = conn.createStatement();
String sql = "SELECT * FROM user WHERE name = '" + name + "'";
// 输入:' or '1'='1 --> 拼接后变成 where name = '' or '1'='1',永远为真,返回所有用户
正确做法(PreparedStatement):
java
String sql = "SELECT * FROM user WHERE name = ?";
PreparedStatement ps = conn.prepareStatement(sql);
ps.setString(1, name); // 参数被转义,不会改变 SQL 结构
五、使用 try-with-resources 自动关闭资源
从 Java 7 开始,实现了 AutoCloseable 的资源可以用 try-with-resources 自动关闭,非常简洁:
java
try (Connection conn = DBUtil.getConnection();
PreparedStatement ps = conn.prepareStatement(sql);
ResultSet rs = ps.executeQuery()) {
// 处理结果集,资源自动关闭
}
六、编写一个简单的 JDBC 工具类(DBUtil)
java
public class DBUtil {
private static final String DRIVER = "com.mysql.cj.jdbc.Driver";
private static final String URL = "jdbc:mysql://localhost:3306/x_mall?serverTimezone=GMT%2B8&useSSL=false";
private static final String USER = "root";
private static final String PASSWORD = "123456";
static {try {Class.forName(DRIVER);} catch (ClassNotFoundException e) {e.printStackTrace();}
}public static Connection getConnection() throws SQLException {return DriverManager.getConnection(URL, USER, PASSWORD);
}public static void close(ResultSet rs, Statement st, Connection conn) {try { if (rs != null) rs.close(); } catch (SQLException e) { e.printStackTrace(); }try { if (st != null) st.close(); } catch (SQLException e) { e.printStackTrace(); }try { if (conn != null) conn.close(); } catch (SQLException e) { e.printStackTrace(); }
}
}
八、Maven 依赖
xml
