import java.sql.Connection;

 import java.sql.DriverManager;

 import java.sql.PreparedStatement;

 import java.sql.ResultSet;

 import java.sql.Statement;

 import org.junit.Test;

 public class JDBCTest {

     @Test

     public void test() throws Exception {

         Connection con = null;//定义引用

         Statement stmt = null;

         ResultSet rs = null;

         //规范的代码格式，try catch finally

         try {

             String driverClassName = "com.mysql.jdbc.Driver";

             String url = "jdbc:mysql://localhost:3306/exam";

             String username = "root";

             String password = "123";

             Class.forName(driverClassName);                                //加载

             con = DriverManager.getConnection(url, username, password);    //连接

             stmt = con.createStatement();                                //可以理解为创建SQL语句发射器

             //executeUpdate方法，可以执行增删改语句（INSERT, UPDATE, DELETE），返回被改变的记录条数

             String sql="DELETE FROM stu";

             int r = stmt.executeUpdate(sql);

             System.out.println("共删除了"+r+"条记录！");         

             //executeQuery方法，用于执行查询操作（SELECT），返回结果集

             String sql2="select * from emp";

             rs = stmt.executeQuery(sql2);

             while(rs.next()) {                            //把光标向下移动一行，并判断下一行是否存在！

                 int empno = rs.getInt(1);                //通过列编号来获取该列的值！

                 String ename = rs.getString("ename");    //通过列名称来获取该列的值

                 double sal = rs.getDouble("sal");

                 System.out.println(empno +  ", " + ename + ", " + sal);

             }

         } catch(Exception e) {

             throw new RuntimeException(e);

         } finally {

             // 一定要关闭！！！！！！

             if(rs != null) rs.close();

             if(stmt != null) stmt.close();

             if(con != null) con.close();

         }

     }

     @Test

     /**

      * 预处理方式

      * 优点：灵活，效率高，防SQL攻击

      * SQL攻击例子：

      *   若：sql = "select * from t_user where username='" + username + "' and password='" + password + "'";

      *   username = "a' or 'a'='a";

      *     password = "a' or 'a'='a";

      *     最后拼成的语句为：

      *  select * from t_user where username='a' or 'a'='a" and password='a' or 'a'='a'

      *  永远为true。

      */

     public void test2() throws Exception {

         Connection con = null;//定义引用

         ResultSet rs = null;

         PreparedStatement pstmt=null;

         try {

             String driverClassName = "com.mysql.jdbc.Driver";

             //mysql默认预处理是关闭的，加上这两个参数之后可以开启预处理

             String url = "jdbc:mysql://localhost:3306/exam?useServerPrepStmts=true&cachePrepStmts=true";

             String username = "root";

             String password = "123";

             Class.forName(driverClassName);

             con = DriverManager.getConnection(url, username, password);    

             String sql="select * from emp where empno=? and job=?";

             pstmt = con.prepareStatement(sql);

             pstmt.setInt(1, 1001);

             pstmt.setString(2, "文员");

             rs =pstmt.executeQuery();

             if(rs.next())

             {

                 System.out.println(rs.getString("ename"));

             }

         } catch(Exception e) {

             throw new RuntimeException(e);

         } finally {

             if(rs != null) rs.close();

             if(pstmt != null) pstmt.close();

             if(con != null) con.close();

         }

     }

 }