概述
packagecom.test.preparedstatement;importjava.io.BufferedInputStream;importjava.io.File;importjava.io.FileInputStream;importjava.io.FileNotFoundException;importjava.io.IOException;importjava.io.InputStream;importjava.sql.Connection;importjava.sql.DriverManager;importjava.sql.PreparedStatement;importjava.sql.SQLException;importjava.sql.Statement;importjava.util.Properties;public classTestJdbc {private static final String dataSourcePath = "resources/dataSource.properties";public static voidgetDataBaseData() {try{
InputStream iStream= new BufferedInputStream(new FileInputStream(newFile(dataSourcePath)));
Properties properties= newProperties();
properties.load(iStream);
String username= properties.getProperty("username");
String password= properties.getProperty("password");
String driver= properties.getProperty("driver");
String url= properties.getProperty("url");//1.statement方式
long start =System.currentTimeMillis();//加载驱动
Class.forName(driver);//建立连接
Connection connection =DriverManager.getConnection(url, username, password);//创建statement
Statement statement =connection.createStatement();for (int i = 0; i < 50; i++) {
statement.execute("insert into test values("+i+",'a"+i+"')");
}
statement.close();
connection.close();
System.out.println("statment花费时间:"+String.valueOf(System.currentTimeMillis()-start));//2.preparedStatement方式
long start2 =System.currentTimeMillis();//加载驱动
Class.forName(driver);//建立连接
Connection connection2 =DriverManager.getConnection(url, username, password);//创建preparedStatement
PreparedStatement preparedStatement = connection2.prepareStatement("insert into test values(?,?)");for (int j = 50; j < 100; j++) {
preparedStatement.setInt(1, j);
preparedStatement.setString(2, "b"+j);
preparedStatement.execute();
}
preparedStatement.close();
connection2.close();
System.out.println("preparedStatement花费时间:"+String.valueOf(System.currentTimeMillis()-start2));
}catch(FileNotFoundException e) {
e.printStackTrace();
}catch(IOException e) {
e.printStackTrace();
}catch(ClassNotFoundException e) {
e.printStackTrace();
}catch(SQLException e) {
e.printStackTrace();
}
}public static voidmain(String[] args) {
TestJdbc.getDataBaseData();
}
}
最后
以上就是孝顺小松鼠为你收集整理的java preparestatement sql注入_JDBC及PreparedStatement防SQL注入的全部内容,希望文章能够帮你解决java preparestatement sql注入_JDBC及PreparedStatement防SQL注入所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
发表评论 取消回复