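I'm new to Java and Spring. I know JDBC is outdated, but I want to master this technology. Why do I run into a problem when I use a ResultSet to make a request? I don't understand at all what is happening.
[screenshot]
Although if you repeat the same request through the console, everything works fine.
[screenshot]
Queries:
private final static String CREATE_CAR_QUERY = "insert into cars values(default,?,?,?,?,?,?,?,?,?)";
private final static String CREATE_DRIVER_CAR_QUERY = "insert into driver_car values(?,?)";
private final static String FIND_CAR_ID_BY_CAR_NUMBER_QUERY = "select id from cars where car_number = ";
Function: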
> public void create(Car entity, Long driverId) {
>     Long carId = 0L;
>     try (PreparedStatement preparedStatement = jpaConfig.getConnection().prepareStatement(CREATE_CAR_QUERY)) {
>         preparedStatement.setTimestamp(1, new Timestamp(entity.getCreated().getTime()));
>         preparedStatement.setTimestamp(2, new Timestamp(entity.getUpdated().getTime()));
>         preparedStatement.setBoolean(3, entity.getVisible());
>         preparedStatement.setString(4, entity.getCarName());
>         preparedStatement.setString(5, entity.getImageUrl());
>         preparedStatement.setString(6, entity.getColor());
>         preparedStatement.setInt(7, entity.getYearsOfIssue());
>         preparedStatement.setDouble(8, entity.getEngineCapacity());
>         preparedStatement.setString(9, entity.getCarNumber());
>         preparedStatement.execute();
>     } catch (SQLException e) {
>         e.printStackTrace();
>     }
>
>     try (ResultSet resultSet = jpaConfig.getStatement().executeQuery(FIND_CAR_ID_BY_CAR_NUMBER_QUERY
>             + entity.getCarNumber())) {
>         carId = resultSet.getLong("id");
>     } catch (SQLException e) {
>         System.out.println("problem: = " + e.getMessage());
>     }
>
>     try (PreparedStatement preparedStatement = jpaConfig.getConnection().prepareStatement(CREATE_DRIVER_CAR_QUERY)) {
>         preparedStatement.setLong(1, driverId);
>         preparedStatement.setLong(2, carId);
>         preparedStatement.execute();
>     } catch (SQLException e) {
>         e.printStackTrace();
>     }
> }
The object that arrives:
[screenshot]
Although the function is almost the same, it uses the same query, but one searches by car_number and the other by driver_id:
Query:
private final static String FIND_ALL_SIMPLE_CARS_BY_DRIVER_ID_QUERY = "select id,cars_name,color,years_of_issue,engine_of_capacity,car_number from cars left join driver_car ab on cars.id = ab.car_id where ab.driver_id = ";
public Map<Long, String> findByDriverId(Long driverId) {
    Map<Long, String> map = new HashMap<>();
    try (ResultSet resultSet = jpaConfig.getStatement().executeQuery(FIND_ALL_SIMPLE_CARS_BY_DRIVER_ID_QUERY
            + driverId)) {
        while (resultSet.next()) {
            long id = resultSet.getLong("id");
            String carName = resultSet.getString("cars_name");
            map.put(id, carName);
        }
    } catch (SQLException e) {
        System.out.println("problem: = " + e.getMessage());
    }
    return map;
}
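Reply from a uj5u.com user:
As @DaveNewton already commented, you should use a PreparedStatement for FIND_CAR_ID_BY_CAR_NUMBER_QUERY, similar to how you already do it for the insert statements. This ensures proper quoting and escaping of the query values, and thus makes your life easier and your code less vulnerable to SQL injection attacks.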
private final static String FIND_CAR_ID_BY_CAR_NUMBER_QUERY = "select id from cars where car_number = ?";

try (PreparedStatement preparedStatement = jpaConfig.getConnection().prepareStatement(FIND_CAR_ID_BY_CAR_NUMBER_QUERY)) {
    // Bind the car number as parameter 1 (JDBC parameter indexes start at 1)
    preparedStatement.setString(1, entity.getCarNumber());
    try (ResultSet resultSet = preparedStatement.executeQuery()) {
        // Move the cursor onto the first row before reading from it
        if (resultSet.next()) {
            carId = resultSet.getLong("id");
        }
    }
} catch (SQLException e) {
    System.out.println("problem: = " + e.getMessage());
}
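Added example, not part of the original question or answer: a self-contained version of the parameterized lookup that handles the no-row case and, going beyond the answer, reads the inserted row's id with `getGeneratedKeys()` instead of a second query. The class name, the helpers `findCarId` and `insertCar`, the reduced two-column `cars` table, the sample plates and the H2 in-memory URL are assumptions for illustration; an H2 driver must be on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.OptionalLong;

public class CarIdLookupExample {
    private static final String FIND_CAR_ID_BY_CAR_NUMBER_QUERY =
            "select id from cars where car_number = ?";

    // Binds the car number as data and returns empty when no row matches.
    static OptionalLong findCarId(Connection conn, String carNumber) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(FIND_CAR_ID_BY_CAR_NUMBER_QUERY)) {
            ps.setString(1, carNumber); // JDBC parameter indexes start at 1
            try (ResultSet rs = ps.executeQuery()) {
                // The cursor starts before the first row; read only after next() returns true.
                return rs.next() ? OptionalLong.of(rs.getLong("id")) : OptionalLong.empty();
            }
        }
    }

    // Inserts a car and reads the generated id directly, so no follow-up select is needed.
    static long insertCar(Connection conn, String carNumber) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(
                "insert into cars(car_number) values(?)", Statement.RETURN_GENERATED_KEYS)) {
            ps.setString(1, carNumber);
            ps.executeUpdate();
            try (ResultSet keys = ps.getGeneratedKeys()) {
                if (!keys.next()) throw new SQLException("no generated key returned");
                return keys.getLong(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 in-memory database; the table is reduced to the two columns used here.
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:cars_demo");
             Statement ddl = conn.createStatement()) {
            ddl.execute("create table cars(id bigint auto_increment primary key, car_number varchar(32))");
            // Constructed sample plates; the second contains a quote that concatenation would not escape.
            long first = insertCar(conn, "AB1234CD");
            long second = insertCar(conn, "O'NEIL 7");
            System.out.println(findCarId(conn, "AB1234CD").getAsLong() == first);
            System.out.println(findCarId(conn, "O'NEIL 7").getAsLong() == second);
            System.out.println(findCarId(conn, "ZZ0000ZZ").isPresent());
        }
    }
}
```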
