通过Java代码实现对数据库的数据进行添加操作
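// Inserts one row into the `students` table from the submitted form, using a
// parameterized INSERT. This is a JSP scriptlet fragment: `request` and `out`
// are the JSP implicit objects; Tools and UploadFile are project helpers that
// are not shown on this page.

// Read the form fields. Each text field goes through Tools.isoToUtf8
// (presumably a charset re-decoding helper; confirm against its source).
String names = Tools.isoToUtf8(request.getParameter("names"));
String sex = Tools.isoToUtf8(request.getParameter("sex"));
String blood = Tools.isoToUtf8(request.getParameter("blood"));
// "hobby" is multi-valued; the values are passed to Tools.arrToString with ','.
String hobby = Tools.arrToString(request.getParameterValues("hobby"), ',');
String intro = Tools.isoToUtf8(request.getParameter("intro"));
long time = System.currentTimeMillis();

// Get the name of the uploaded file.
// NOTE(review): if UploadFile.getFileName returns the client-supplied name,
// treat it as untrusted wherever it is later used as a path or echoed into HTML.
String pic = UploadFile.getFileName(request, "pic");

// Connect to the database.
try {
    Class.forName("com.mysql.jdbc.Driver"); // load the JDBC driver
    // Usage reference: http://www.ncyteng.com/news/show/666.html
    String jdbc = "jdbc:mysql://127.0.0.1:3306/stu_info";

    // Method 1 (kept only for comparison, do not use): building the statement by
    // concatenating request values into the SQL text lets a quote in any field
    // change the statement itself (SQL injection).
    //   Statement state = conn.createStatement();
    //   String sql = "insert into students" + " (names, sex, blood, hobby, pic, intro, time)values('"
    //           + names + "','" + sex + "','" + blood + "','" + hobby + "','" + pic + "','" + intro + "','" + time + "')";
    //   System.out.println(sql);
    //   int count = state.executeUpdate(sql);

    // Method 2: parameterized statement. The SQL text is fixed and every
    // user-supplied value is bound to a `?` placeholder, so input is handled as
    // data and cannot alter the statement. (The original note describes this as
    // the driver escaping single quotes in the value with a backslash.)
    String sql = "insert into students (names,sex,blood,hobby,pic,intro,time) value (?,?,?,?,?,?,?)";

    // NOTE(review): the connection uses the root account with a hard-coded
    // password. Prefer a dedicated account limited to the privileges this page
    // needs, with credentials loaded from configuration rather than source.
    //
    // try-with-resources closes the statement and the connection even when
    // executeUpdate() throws; the original closed them only on the success path.
    try (Connection conn = DriverManager.getConnection(jdbc, "root", "root");
         PreparedStatement ps = conn.prepareStatement(sql)) {
        // setObject(index, value): index is the 1-based position of the `?`
        // in the SQL text, value is what gets bound to it.
        ps.setObject(1, names);
        ps.setObject(2, sex);
        ps.setObject(3, blood);
        ps.setObject(4, hobby);
        ps.setObject(5, pic);
        ps.setObject(6, intro);
        ps.setObject(7, time);

        int count = ps.executeUpdate(); // number of rows inserted
        out.print("添加成功" + count);
    }
} catch (ClassNotFoundException | SQLException e) {
    // The failure goes only to the server's error stream; nothing is written to
    // the response, so the client gets no success message and no driver details.
    e.printStackTrace();
}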