```
String id = request.getParameter("id");
String dname = request.getParameter("dname");
String btime = request.getParameter("btime");
String title = request.getParameter("title");
Class.forName("com.mysql.jdbc.Driver");
Connection conn = DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/library","root","123456");
Statement stat = conn.createStatement();
// The request parameter id is concatenated directly into the SQL text.
String sql = "update books set count=count-1 where id=" + id;
stat.executeUpdate(sql);
stat.close();
conn.close();
response.sendRedirect("borrow.jsp");
```
At the same time, implement the statement `String sql=insert into borrow(dname,id,title,btime) values('"+dname+"','"+id+"','"+title+"','"+btime+"',);`
Time: 2023-07-19 14:11:03 Views: 39
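You can use PreparedStatement to implement batch processing and parameterized queries and execute the two SQL statements together. The code is as follows: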
```
String id = request.getParameter("id");
String dname = request.getParameter("dname");
String btime = request.getParameter("btime");
String title = request.getParameter("title");
Class.forName("com.mysql.jdbc.Driver");
// MySQL Connector/J rejects several statements in one string unless
// allowMultiQueries=true is set on the JDBC URL.
Connection conn = DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/library?allowMultiQueries=true","root","123456");
String updateSql = "update books set count=count-1 where id=?";
String insertSql = "insert into borrow(dname,id,title,btime) values(?,?,?,?)";
// Both statements are sent as one string; the placeholders are numbered across the whole string.
PreparedStatement stmt = conn.prepareStatement(updateSql + ";" + insertSql);
stmt.setString(1, id);     // update: id
stmt.setString(2, dname);  // insert: dname
stmt.setString(3, id);     // insert: id
stmt.setString(4, title);  // insert: title
stmt.setString(5, btime);  // insert: btime
conn.setAutoCommit(false); // run both statements in one transaction
stmt.executeUpdate();
conn.commit();
conn.setAutoCommit(true);
stmt.close();
conn.close();
response.sendRedirect("borrow.jsp");
```
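Note that parameterized queries are used here, which avoids the SQL injection problem. Batch processing is also used, so the two SQL statements are executed together, which can improve efficiency. The two SQL statements can be concatenated into a single statement and executed with PreparedStatement.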
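The same two statements as an added example, not part of the original answer: each runs as its own PreparedStatement inside one transaction, so the connection needs no multi-statement setting and a failed insert rolls the stock decrement back. The class name `BorrowDao`, the method `borrow`, and the `count>0` guard are assumptions introduced for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

// Hypothetical helper; the names are assumptions, the table and column names come from the page.
public final class BorrowDao {
    // The count>0 guard is an added assumption so that stock never goes negative.
    private static final String UPDATE_SQL =
        "update books set count=count-1 where id=? and count>0";
    private static final String INSERT_SQL =
        "insert into borrow(dname,id,title,btime) values(?,?,?,?)";

    private BorrowDao() {}

    /** Returns true if the loan was recorded, false if no copy was available. */
    public static boolean borrow(Connection conn, String id, String dname,
                                 String title, String btime) throws SQLException {
        boolean oldAutoCommit = conn.getAutoCommit();
        conn.setAutoCommit(false); // both statements succeed or fail together
        try (PreparedStatement upd = conn.prepareStatement(UPDATE_SQL);
             PreparedStatement ins = conn.prepareStatement(INSERT_SQL)) {
            upd.setString(1, id);
            if (upd.executeUpdate() == 0) {
                // Unknown id or no stock left: record nothing.
                conn.rollback();
                return false;
            }
            ins.setString(1, dname);
            ins.setString(2, id);
            ins.setString(3, title);
            ins.setString(4, btime);
            ins.executeUpdate();
            conn.commit();
            return true;
        } catch (SQLException e) {
            conn.rollback(); // undo the decrement if the insert failed
            throw e;
        } finally {
            conn.setAutoCommit(oldAutoCommit);
        }
    }
}
```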