

백엔드개발/JDBC

Prepare Statement

hyemi_flora 2023. 11. 13. 11:52

package database;

 

import java.sql.Connection;

import java.sql.DriverManager;

import java.sql.SQLException;

 

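public class JdbcConnection {

    /** Fully qualified class name of the Oracle thin JDBC driver. */
    public static String driverPath = "oracle.jdbc.driver.OracleDriver";

    // "localhost" is the network address of the database host (127.0.0.1 here).
    // Each setting can be overridden with a JVM system property (-Djdbc.url=..., -Djdbc.user=...,
    // -Djdbc.password=...); the fallbacks are the tutorial's original values, so existing callers
    // that rely on the defaults see no change.
    public static String url = System.getProperty("jdbc.url", "jdbc:oracle:thin:@localhost:1521:XE");
    public static String id = System.getProperty("jdbc.user", "hr");
    // NOTE(review): a real password must not be kept in source control. Supply it through the
    // system property (or another secret store) and remove the literal fallback once callers allow it.
    public static String pw = System.getProperty("jdbc.password", "1234");

    static {
        try {
            // Explicit driver registration. JDBC 4+ drivers are also discovered automatically by
            // DriverManager, so a failure here is only logged and getConnection() is left to
            // report the actual problem to the caller.
            Class.forName(driverPath);
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        }
    }

    /**
     * Opens a new connection using the current {@code url}, {@code id} and {@code pw} values.
     * The caller owns the returned connection and must close it (try-with-resources).
     *
     * @return a freshly opened {@link Connection}
     * @throws SQLException if the driver cannot establish the connection
     */
    public static Connection getConnection() throws SQLException {
        return DriverManager.getConnection(url, id, pw);
    }

}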

 

package database;

 

import java.sql.Connection;

import java.sql.PreparedStatement;

import java.sql.ResultSet;

import java.sql.SQLException;

import java.util.Scanner;

 

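public class J02_PrepareStatement {

    /**
     * Reads an employee first name from standard input and prints every matching row of
     * {@code employees} as "first_name last_name / hire_date".
     *
     * @param args unused
     */
    public static void main(String[] args) {
        Scanner sc = new Scanner(System.in);
        System.out.println("검색할 이름>> ");
        String keyword = sc.next();

        // Query text.
        // Building the statement by string concatenation is unsafe: the user's input becomes part
        // of the SQL itself (SQL injection). Left here, commented out, as the counter-example.
        // https://namu.wiki/w/SQL%20injection
//      String sql = "SELECT * FROM employees WHERE "
//                   + "first_name = '" + keyword + "'";

        // Safe form: the value slot is left as a ? placeholder and bound separately, so the
        // keyword is always treated as data, never as SQL. The column name must still be written
        // out here -- "WHERE = ?" is a syntax error; only values can be parameterized, not identifiers.
        String sql = "SELECT * FROM employees WHERE first_name = ?";

        // Connection and PreparedStatement are AutoCloseable; try-with-resources closes them in
        // reverse declaration order even when executeQuery() throws.
        try (Connection co = JdbcConnection.getConnection();
             PreparedStatement pstmt = co.prepareStatement(sql)) {
            // Parameters are bound after the statement is prepared; indices start at 1.
            pstmt.setString(1, keyword);

            // The ResultSet gets its own try so it is closed before the statement.
            try (ResultSet rs = pstmt.executeQuery()) {
                while (rs.next()) {
                    System.out.printf("%s %s / %s\n",
                            rs.getString("first_name"),
                            rs.getString("last_name"),
                            rs.getDate("hire_date"));
                }
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }

}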

 

 

 
