java 调用mysql的事务如何传入查询参数?
发布网友
发布时间:2022-04-27 05:54
共6个回答
热心网友
时间:2022-04-09 13:56
Statement换成preparedStatement,就有相应的set方法了。
或者既然addBatch里面传入的是String类型,那我们自己构造,
stmt.addBatch(“insert into users values ("+"values1"+","+"values2"+");");
或者既然是users类,我们可以根据users中属性是否为初始值来自动生成inset语句,下面是我以前写的代码,仅供参考
注释:
1、下面的User.NAME等就是user中name属性在表中的列名
2、方法ConvertStr就是把插入的列的value加上单引号。
private static String ConvertStr(Object object) {
return "'" + object.toString() + "'";
}
3、其他
public static final String strIns = "insert into users(";
public static final String strVal = ") values(";
public static final String strEnd = ");";
4、调用
stmt.addBatch(User.InsetStr(user));//这样就不用考虑传参了
代码如下:
String StrCol = "";
String Values = "";
if (user.getName() != null && !user.getName().equals("")) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.NAME;
Values = Values + "," + ConvertStr(user.getName());
} else {
StrCol = StrCol + User.NAME;
Values = Values + ConvertStr(user.getName());
}
}
if (user.getNick() != null && !user.getNick().equals("")) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.NICK;
Values = Values + "," + ConvertStr(user.getNick());
} else {
StrCol = StrCol + User.NICK;
Values = Values + ConvertStr(user.getNick());
}
}
if (user.getStudentid() != 0) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.STUDENTID;
Values = Values + "," + ConvertStr(user.getStudentid());
} else {
StrCol = StrCol + User.STUDENTID;
Values = Values + ConvertStr(user.getStudentid());
}
}
if (user.getSex() != '\u0000') {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.SEX;
Values = Values + "," + ConvertStr(user.getSex());
} else {
StrCol = StrCol + User.SEX;
Values = Values + ConvertStr(user.getSex());
}
}
if (user.getPassword() != null && !user.getPassword().equals("")) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.PASSWORD;
Values = Values + "," + ConvertStr(user.getPassword());
} else {
StrCol = StrCol + User.PASSWORD;
Values = Values + ConvertStr(user.getPassword());
}
}
if (user.getHash() != null && !user.getHash().equals("")) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.HASH;
Values = Values + "," + ConvertStr(user.getHash());
} else {
StrCol = StrCol + User.HASH;
Values = Values + ConvertStr(user.getHash());
}
}
if (user.getSchool() != null && !user.getSchool().equals("")) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.SCHOOL;
Values = Values + "," + ConvertStr(user.getSchool());
} else {
StrCol = StrCol + User.SCHOOL;
Values = Values + ConvertStr(user.getSchool());
}
}
if (user.getMajor() != null && !user.getMajor().equals("")) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.MAJOR;
Values = Values + "," + ConvertStr(user.getMajor());
} else {
StrCol = StrCol + User.MAJOR;
Values = Values + ConvertStr(user.getMajor());
}
}
if (user.getMobile() != 0) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.MOBILE;
Values = Values + "," + ConvertStr(user.getMobile());
} else {
StrCol = StrCol + User.MOBILE;
Values = Values + ConvertStr(user.getMobile());
}
}
if (user.getCollege() != null && !user.getCollege().equals("")) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.COLLEGE;
Values = Values + "," + ConvertStr(user.getCollege());
} else {
StrCol = StrCol + User.COLLEGE;
Values = Values + ConvertStr(user.getCollege());
}
}
if (user.getGrade() != 0) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.GRADE;
Values = Values + "," + ConvertStr(user.getGrade());
} else {
StrCol = StrCol + User.GRADE;
Values = Values + ConvertStr(user.getGrade());
}
}
if (user.getBclass() != null && !user.getBclass().equals("")) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.BCLASS;
Values = Values + "," + ConvertStr(user.getBclass());
} else {
StrCol = StrCol + User.BCLASS;
Values = Values + ConvertStr(user.getBclass());
}
}
if (user.getIdnum() != null && !user.getIdnum().equals("")) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.IDNUM;
Values = Values + "," + ConvertStr(user.getIdnum());
} else {
StrCol = StrCol + User.IDNUM;
Values = Values + ConvertStr(user.getIdnum());
}
}
if (user.getEmail() != null && !user.getEmail().equals("")) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.EMAIL;
Values = Values + "," + ConvertStr(user.getEmail());
} else {
StrCol = StrCol + User.EMAIL;
Values = Values + ConvertStr(user.getEmail());
}
}
if (user.getRegip() != null && !user.getRegip().equals("")) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.REGIP;
Values = Values + "," + ConvertStr(user.getRegip());
} else {
StrCol = StrCol + User.REGIP;
Values = Values + ConvertStr(user.getRegip());
}
}
if (user.getRegdate() != 0) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.REGDATE;
Values = Values + "," + ConvertStr(user.getRegdate());
} else {
StrCol = StrCol + User.REGDATE;
Values = Values + ConvertStr(user.getRegdate());
}
}
if (user.getUnit() != null && !user.getUnit().equals("")) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.UNIT;
Values = Values + "," + ConvertStr(user.getUnit());
} else {
StrCol = StrCol + User.UNIT;
Values = Values + ConvertStr(user.getUnit());
}
}
if (user.getRegion() != null && !user.getRegion().equals("")) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.REGION;
Values = Values + "," + ConvertStr(user.getRegion());
} else {
StrCol = StrCol + User.REGION;
Values = Values + ConvertStr(user.getRegion());
}
}
if (user.getDepartments() != null && !user.getDepartments().equals("")) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.DEPARTMENTS;
Values = Values + "," + ConvertStr(user.getDepartments());
} else {
StrCol = StrCol + User.DEPARTMENTS;
Values = Values + ConvertStr(user.getDepartments());
}
}
if (user.getTdcj() > 0) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.TDCJ;
Values = Values + "," + ConvertStr(user.getTdcj());
} else {
StrCol = StrCol + User.TDCJ;
Values = Values + ConvertStr(user.getTdcj());
}
}
if (user.getTzcj() > 0) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.TZCJ;
Values = Values + "," + ConvertStr(user.getTzcj());
} else {
StrCol = StrCol + User.TZCJ;
Values = Values + ConvertStr(user.getTzcj());
}
}
if (user.getAddress() != null && !user.getAddress().equals("")) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.ADDRESS;
Values = Values + "," + ConvertStr(user.getAddress());
} else {
StrCol = StrCol + User.ADDRESS;
Values = Values + ConvertStr(user.getAddress());
}
}
if (user.getPostcode() != 0) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.POSTCODE;
Values = Values + "," + ConvertStr(user.getPostcode());
} else {
StrCol = StrCol + User.POSTCODE;
Values = Values + ConvertStr(user.getPostcode());
}
}
if (user.getBankcard() != 0) {
if (!StrCol.equals("")) {
StrCol = StrCol + "," + User.BANKCARD;
Values = Values + "," + ConvertStr(user.getBankcard());
} else {
StrCol = StrCol + User.BANKCARD;
Values = Values + ConvertStr(user.getBankcard());
}
}
return Sql.strIns + StrCol + Sql.strVal + Values + Sql.strEnd;
}
追问这个方法对于新手是很好,但是朋友,你知道什么是SQL注入式攻击么?
这样是有安全隐患的.
追答你就写一个过滤的方法吧
热心网友
时间:2022-04-09 15:14
stmt.setXxx(1, javaBean.getXxx());
stmt.setXxx(2, javaBean.getXxx());
stmt.setXxx(3, javaBean.getXxx());
stmt.setXxx(4, javaBean.getXxx());追问stmt根本就没有setString之类的函数。回答问题不要这么不负责哦
热心网友
时间:2022-04-09 16:49
热心网友
时间:2022-04-09 18:40
查询的话参数肯定通过方法参数传入
插入的话加事务也不是你这样加的啊
生成Statement之前调用以下代码,设置手动提交
conn.setAutoCommit(false);
所有SQL语句执行完成后conn.commit()提交整个事务,如果有异常rollback回滚事务.
热心网友
时间:2022-04-09 20:48
不是Statement
使用方法如下,你参考一下。
---------------------------------------------------------------------------------
String sql = "insert into users values (?,?,?,?);";
PreparedStatement pst = conn.prepareStatement(sql);
pst.setObject(1, xxxx);
pst.setObject(2, yyy);
pst.setObject(3, zzz);
pst.setObject(4, nnnnn);
ResultSet rs = pst.executeQuery();追问事务呢?有木有?不用事务这样写我也会。我问的不是这个
热心网友
时间:2022-04-09 23:13
用setXXX()试一下追问新手别添乱哦,没那么好解决
