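The PreparedStatement class
The statement is precompiled and its parameters are filled in through placeholders (parameter indexes start at 1), which can prevent SQL injection.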
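
    import java.sql.Connection;
    import java.sql.DriverManager;
    import java.sql.PreparedStatement;
    import java.sql.SQLException;

    public class PreparedStatementDemo {
        public static void main(String[] args) {
            String url = "jdbc:mysql://localhost:3306/testjdbc?useSSL=false&serverTimezone=UTC";
            String sql = "insert into t_user (username,pwd,regTime) values (?,?,?)"; // placeholders
            try {
                Class.forName("com.mysql.cj.jdbc.Driver");
                // try-with-resources closes the statement and the connection
                try (Connection conn = DriverManager.getConnection(url, "root", "123456");
                     PreparedStatement ps = conn.prepareStatement(sql)) {
                    // ps.setString(1, "张");
                    // ps.setInt(2, 0000);
                    // setObject can be used as well
                    ps.setObject(1, "孙");
                    ps.setObject(2, 99999);
                    ps.setObject(3, new java.sql.Date(System.currentTimeMillis()));
                    System.out.println("插入一行记录");
                    ps.execute();
                }
            } catch (ClassNotFoundException | SQLException e) {
                e.printStackTrace();
            }
        }
    }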
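
The difference placeholders make, shown as an added example that is not part of the original notes: the same lookup on t_user built by string concatenation and with a bound parameter. The class name, method names and sample input are constructed for illustration; it assumes the testjdbc database and credentials from the snippet above.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Added example: class and method names are hypothetical, not from the original page.
public class InjectionContrast {
    // Assumption: same database, table and credentials as the snippet above.
    static final String URL =
        "jdbc:mysql://localhost:3306/testjdbc?useSSL=false&serverTimezone=UTC";

    // Vulnerable: the input becomes part of the SQL text that the server parses.
    static int countConcatenated(Connection conn, String username) throws SQLException {
        String sql = "select count(*) from t_user where username = '" + username + "'";
        try (Statement st = conn.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // Safe: the input is bound as data for parameter 1 (indexes start at 1),
    // so quotes inside it cannot change the structure of the query.
    static int countBound(Connection conn, String username) throws SQLException {
        String sql = "select count(*) from t_user where username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        String input = "x' or '1'='1"; // constructed sample input
        try (Connection conn = DriverManager.getConnection(URL, "root", "123456")) {
            // Concatenated: the where clause is always true, so every row is counted.
            System.out.println("concatenated: " + countConcatenated(conn, input));
            // Bound: the whole input is compared as one literal username.
            System.out.println("bound:        " + countBound(conn, input));
        }
    }
}
```

Placeholders bind values only; table or column names that vary at run time cannot be passed as parameters and have to be checked against a fixed list instead.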