我先贴出代码,问题在后面。我的代码:
package jxc;/**
* 连接ACCESS 数据库
*
* @author KKWEI
* @version 1.0
*/
import java.sql.*;public class ConnectAccess {
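/**
 * Opens a new connection to the Access database through the JDBC-ODBC bridge.
 *
 * @return a fresh connection, or {@code null} when the driver class cannot be
 *         loaded or the database cannot be opened (the cause is printed to stderr)
 */
public static Connection getConnectAccess() {
    // A local variable replaces the former shared static field: with the static
    // field, a failed attempt returned whatever connection an earlier call had
    // left behind, which that earlier caller may already have closed.
    Connection opened = null;
    try {
        Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
        opened = DriverManager.getConnection(
                "jdbc:odbc:driver={Microsoft Access Driver (*.mdb)};" +
                "DBQ=D:\\Program Files\\Apache Group\\Tomcat 4.1\\webapps\\jxc\\WEB-INF\\db.mdb");
    } catch (ClassNotFoundException e) {
        System.err.println(e);
    } catch (SQLException e) {
        System.err.println(e);
    }
    return opened;
}

/**
 * Runs the same lookup twice, once through a PreparedStatement and once through
 * a plain Statement, and prints the rows each one returns.
 *
 * @param args unused
 */
public static void main(String[] args) {
    Connection conn = ConnectAccess.getConnectAccess();
    if (conn == null) {
        // getConnectAccess() has already reported why; without this guard the
        // first prepareStatement call would fail with a NullPointerException.
        return;
    }

    PreparedStatement st = null;
    ResultSet rs = null;
    Statement stmt = null;
    ResultSet stmtRs = null;
    try {
        // The values are bound as parameters, separately from the SQL text, so a
        // quote character inside a value cannot change the structure of the query.
        st = conn.prepareStatement(
                "SELECT * FROM [User] WHERE [username]=? AND [password]=?");
        st.setString(1, "kkwei");
        st.setString(2, "123456");
        rs = st.executeQuery();
        // NOTE(review): the demo compares and prints a plaintext password column;
        // a real user table would hold a salted password hash and never echo it.
        while (rs.next()) {
            System.out.println("username = " + rs.getString("username"));
            System.out.println("password = " + rs.getString("password"));
        }

        // Plain Statement with the values written into the SQL text. This is only
        // acceptable because both values are constants; values that come from
        // outside the program must be bound with setString as above.
        stmt = conn.createStatement();
        stmtRs = stmt.executeQuery("SELECT * FROM [User] WHERE [username]='kkwei' AND [password]='123456'");
        while (stmtRs.next()) {
            System.out.println("stmt_username = " + stmtRs.getString("username"));
            System.out.println("stmt_password = " + stmtRs.getString("password"));
        }
    } catch (SQLException e) {
        System.err.println(e);
    } finally {
        // Each resource is released on its own, so a failure while closing one
        // does not leave the others open. The original never closed stmt and
        // dropped the first ResultSet when rs was reassigned.
        release(stmtRs);
        release(stmt);
        release(rs);
        release(st);
        release(conn);
    }
}

/** Closes a result set if it was opened, reporting (not propagating) any failure. */
private static void release(ResultSet resultSet) {
    if (resultSet == null) {
        return;
    }
    try {
        resultSet.close();
    } catch (SQLException e) {
        System.err.println(e);
    }
}

/** Closes a statement if it was created, reporting (not propagating) any failure. */
private static void release(Statement statement) {
    if (statement == null) {
        return;
    }
    try {
        statement.close();
    } catch (SQLException e) {
        System.err.println(e);
    }
}

/** Closes a connection if it was opened, reporting (not propagating) any failure. */
private static void release(Connection connection) {
    if (connection == null) {
        return;
    }
    try {
        connection.close();
    } catch (SQLException e) {
        System.err.println(e);
    }
}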
}执行后显示:
username = kkwei
password = 123456
stmt_username = kkwei
stmt_password = 123456

问题1:
Statement和PreparedStatement有什么区别?他们都说PreparedStatement比较快,还有没有其他的区别?一般来说用哪个?在什么情况下用另一个?

问题2:
PreparedStatement是不是可以不做sql的字符串处理(如:字符串含有')?

问题3:
我把:
st = conn.prepareStatement(
"SELECT * FROM [User] WHERE [username]=? AND [password]=?");
st.setString(1, "kkwei");
st.setString(2, "123456");
改成:
st = conn.prepareStatement(
"SELECT * FROM [User] WHERE [username]='?' AND [password]=?");
st.setString(1, "kkwei");
st.setString(2, "123456");就是加上了单引号,为什么要报错:
java.lang.ArrayIndexOutOfBoundsException: 1

问题4:
我把:
st = conn.prepareStatement(
"SELECT * FROM [User] WHERE [username]=? AND [password]=?");
st.setString(1, "kkwei");
st.setString(2, "123456");
改成:
st = conn.prepareStatement(
"SELECT * FROM [User] WHERE [?]=? AND [password]=?");
st.setString(1, "username");
st.setString(2, "kkwei");
st.setString(3, "123456");运行显示:
stmt_username = kkwei
stmt_password = 123456
为什么这样就查询不到记录了?
package jxc;/**
* 连接ACCESS 数据库
*
* @author KKWEI
* @version 1.0
*/
import java.sql.*;public class ConnectAccess {
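/**
 * Opens a new connection to the Access database through the JDBC-ODBC bridge.
 *
 * @return a fresh connection, or {@code null} when the driver class cannot be
 *         loaded or the database cannot be opened (the cause is printed to stderr)
 */
public static Connection getConnectAccess() {
    // A local variable replaces the former shared static field: with the static
    // field, a failed attempt returned whatever connection an earlier call had
    // left behind, which that earlier caller may already have closed.
    Connection opened = null;
    try {
        Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
        opened = DriverManager.getConnection(
                "jdbc:odbc:driver={Microsoft Access Driver (*.mdb)};" +
                "DBQ=D:\\Program Files\\Apache Group\\Tomcat 4.1\\webapps\\jxc\\WEB-INF\\db.mdb");
    } catch (ClassNotFoundException e) {
        System.err.println(e);
    } catch (SQLException e) {
        System.err.println(e);
    }
    return opened;
}

/**
 * Runs the same lookup twice, once through a PreparedStatement and once through
 * a plain Statement, and prints the rows each one returns.
 *
 * @param args unused
 */
public static void main(String[] args) {
    Connection conn = ConnectAccess.getConnectAccess();
    if (conn == null) {
        // getConnectAccess() has already reported why; without this guard the
        // first prepareStatement call would fail with a NullPointerException.
        return;
    }

    PreparedStatement st = null;
    ResultSet rs = null;
    Statement stmt = null;
    ResultSet stmtRs = null;
    try {
        // The values are bound as parameters, separately from the SQL text, so a
        // quote character inside a value cannot change the structure of the query.
        st = conn.prepareStatement(
                "SELECT * FROM [User] WHERE [username]=? AND [password]=?");
        st.setString(1, "kkwei");
        st.setString(2, "123456");
        rs = st.executeQuery();
        // NOTE(review): the demo compares and prints a plaintext password column;
        // a real user table would hold a salted password hash and never echo it.
        while (rs.next()) {
            System.out.println("username = " + rs.getString("username"));
            System.out.println("password = " + rs.getString("password"));
        }

        // Plain Statement with the values written into the SQL text. This is only
        // acceptable because both values are constants; values that come from
        // outside the program must be bound with setString as above.
        stmt = conn.createStatement();
        stmtRs = stmt.executeQuery("SELECT * FROM [User] WHERE [username]='kkwei' AND [password]='123456'");
        while (stmtRs.next()) {
            System.out.println("stmt_username = " + stmtRs.getString("username"));
            System.out.println("stmt_password = " + stmtRs.getString("password"));
        }
    } catch (SQLException e) {
        System.err.println(e);
    } finally {
        // Each resource is released on its own, so a failure while closing one
        // does not leave the others open. The original never closed stmt and
        // dropped the first ResultSet when rs was reassigned.
        release(stmtRs);
        release(stmt);
        release(rs);
        release(st);
        release(conn);
    }
}

/** Closes a result set if it was opened, reporting (not propagating) any failure. */
private static void release(ResultSet resultSet) {
    if (resultSet == null) {
        return;
    }
    try {
        resultSet.close();
    } catch (SQLException e) {
        System.err.println(e);
    }
}

/** Closes a statement if it was created, reporting (not propagating) any failure. */
private static void release(Statement statement) {
    if (statement == null) {
        return;
    }
    try {
        statement.close();
    } catch (SQLException e) {
        System.err.println(e);
    }
}

/** Closes a connection if it was opened, reporting (not propagating) any failure. */
private static void release(Connection connection) {
    if (connection == null) {
        return;
    }
    try {
        connection.close();
    } catch (SQLException e) {
        System.err.println(e);
    }
}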
}执行后显示:
username = kkwei
password = 123456
stmt_username = kkwei
stmt_password = 123456

问题1:
Statement和PreparedStatement有什么区别?他们都说PreparedStatement比较快,还有没有其他的区别?一般来说用哪个?在什么情况下用另一个?

问题2:
PreparedStatement是不是可以不做sql的字符串处理(如:字符串含有')?

问题3:
我把:
st = conn.prepareStatement(
"SELECT * FROM [User] WHERE [username]=? AND [password]=?");
st.setString(1, "kkwei");
st.setString(2, "123456");
改成:
st = conn.prepareStatement(
"SELECT * FROM [User] WHERE [username]='?' AND [password]=?");
st.setString(1, "kkwei");
st.setString(2, "123456");就是加上了单引号,为什么要报错:
java.lang.ArrayIndexOutOfBoundsException: 1

问题4:
我把:
st = conn.prepareStatement(
"SELECT * FROM [User] WHERE [username]=? AND [password]=?");
st.setString(1, "kkwei");
st.setString(2, "123456");
改成:
st = conn.prepareStatement(
"SELECT * FROM [User] WHERE [?]=? AND [password]=?");
st.setString(1, "username");
st.setString(2, "kkwei");
st.setString(3, "123456");运行显示:
stmt_username = kkwei
stmt_password = 123456
为什么这样就查询不到记录了?
建议看一下jdk
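1。PreparedStatement 是预处理(预编译)的:语句先编译好,然后存储下来供以后使用,所以如果需要反复使用这个语句,用这个比较好。另一个区别是参数值通过 setXxx 方法单独传入,不拼进 SQL 文本,所以只要 SQL 里要带入外部输入的值,一般都应该用它;Statement 适合只执行一次、不带参数的固定语句。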
2。如果这个字符串是通过 setString 等方法作为参数传入的,就可以不做处理:参数值里的单引号不会被当成 SQL 语法,所以不需要手工转义,也不会造成 SQL 注入。直接写在 SQL 文本里的字符串仍然要自己处理。
3。加了单引号以后,'?' 被 SQL 看做一个普通的字符串常量,而不是参数占位符,所以语句里只剩下一个参数,setString(2, ...) 找不到第二个参数,当然不行。占位符 ? 不要加引号。
4。只有值能用 ?,字段名(以及表名等标识符)不能用 ?。如果字段名确实需要动态决定,应在代码里从固定的白名单中选出字段名再拼接,不要把外部输入直接拼进 SQL。