What is JDBC
• JDBC is an acronym for
– Java Database Connectivity.
Connection con;
Statement stmt;
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
You can replace the “Insert” query statement with an update or delete query statement.
Get record from database
• To retrieve records from the database, the executeQuery() method is used.
import java.sql.*;

class JdbcExample
{
    public static void main(String[] args)
    {
        Connection conn = null;
        Statement stmt = null;
        int i = 0;
        try
        {
            // JDBC-ODBC bridge driver; it was removed from the JDK in Java 8, so a vendor JDBC driver is needed on current JVMs
            Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
            conn = DriverManager.getConnection("jdbc:odbc:cdb");
            stmt = conn.createStatement();
        }
        catch (Exception e)
        {
            System.out.println("Error in connection");
        }
(continued)
String lname = JOptionPane.showInputDialog("Enter your last name");   // requires import javax.swing.JOptionPane;
import java.sql.*;

class JdbcExample
{
    public static void main(String[] args)
    {
        Connection conn = null;
        Statement stmt = null;
        ResultSet rs = null;
        int i = 0;
        try
        {
            Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
            conn = DriverManager.getConnection("jdbc:odbc:cdb");
            stmt = conn.createStatement();
        }
        catch (Exception e)
        {
            System.out.println("Error in connection");
        }
        try
        {
            // executeQuery() returns a ResultSet whose cursor starts before the first row
            rs = stmt.executeQuery("Select fname, lname from personal");
            while (rs.next())   // next() advances the cursor and returns false after the last row
            {
                System.out.println(rs.getString(1) + " " + rs.getString(2));
                // rs.next();  -- not needed: the loop condition already advances the cursor
            }
        }
        catch (Exception e)
        {
            System.out.println("Exception");
        }
    }
}
JDBC: Prepared Statements (1)
• But query compilation takes a (relatively) long
time!
• This example is therefore inefficient.
int[] students = {1, 2, 4, 7, 9};
for (int i = 0; i < students.length; ++i) {
    // a new SQL string on every iteration: the database parses and compiles each one
    ResultSet rs = stmt.executeQuery("SELECT * " +
        "FROM STUDENT WHERE sid = " + students[i]);
    while (rs.next()) {
        …
    }
}
JDBC: Prepared Statements (2)
• To speed things up, prepare statements and bind
arguments to them
• This also means you don’t have to worry about escaping
strings, formatting dates, etc.
– Problems with this lead to a lot of security holes (SQL injection)
– Suppose a user inputs the name “O’Reilly”
PreparedStatement stmt =
    conn.prepareStatement("SELECT * " +
        "FROM STUDENT WHERE sid = ? ");
int[] students = {1, 2, 4, 7, 9};
for (int i = 0; i < students.length; ++i) {
    stmt.setInt(1, students[i]);          // bind the value to the first "?" marker
    ResultSet rs = stmt.executeQuery();   // same compiled statement, new parameter value
    while (rs.next()) {
        …
    }
}
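The “O’Reilly” case from the bullets above, carried through as an added example (not code from the original slides): the concatenated query splices the apostrophe into the SQL text and fails, while the bound parameter returns the row. It assumes an H2 in-memory database and driver on the classpath (the URL and the sample table are constructed for the demonstration); any standard JDBC driver behaves the same way.

```java
import java.sql.*;

public class QuoteDemo {
    // Hypothetical in-memory H2 URL; swap in the URL of any JDBC driver on the classpath.
    static final String URL = "jdbc:h2:mem:demo";
    // Constructed sample table, mirroring the slides' "personal" table.
    static void setup(Connection conn) throws SQLException {
        try (Statement s = conn.createStatement()) {
            s.execute("CREATE TABLE personal (fname VARCHAR(40), lname VARCHAR(40))");
            s.execute("INSERT INTO personal VALUES ('Tim', 'O''Reilly')");
        }
    }

    // Vulnerable form: the input is spliced into the SQL text, so the apostrophe
    // in O'Reilly closes the string literal early and the rest is parsed as SQL.
    static String byConcat(Connection conn, String lname) throws SQLException {
        String sql = "SELECT fname FROM personal WHERE lname = '" + lname + "'";
        System.out.println("sending: " + sql);
        try (Statement s = conn.createStatement(); ResultSet rs = s.executeQuery(sql)) {
            return rs.next() ? rs.getString(1) : null;
        }
    }

    // Hardened form: the SQL text is fixed at prepare time; the value is bound to the
    // "?" marker and reaches the engine as data, so quotes in it are never syntax.
    static String byParam(Connection conn, String lname) throws SQLException {
        try (PreparedStatement ps =
                 conn.prepareStatement("SELECT fname FROM personal WHERE lname = ?")) {
            ps.setString(1, lname);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString(1) : null;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        try (Connection conn = DriverManager.getConnection(URL)) {
            setup(conn);
            String input = "O'Reilly";   // the name from the slide
            try {
                System.out.println("concat: " + byConcat(conn, input));
            } catch (SQLException e) {
                // The spliced quote leaves an unterminated literal: the query fails instead of returning the row.
                System.out.println("concat failed: " + e.getMessage());
            }
            System.out.println("param: " + byParam(conn, input));
        }
    }
}
```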
PreparedStatement
• The contained SQL is sent to the database and compiled or prepared beforehand
• From this point on, the prepared SQL is executed without repeating that step; the more dynamic
Statement requires this step on every execution.
• Depending on the DB engine, the SQL may be cached and reused even for a different
PreparedStatement and most of the work is done by the DB engine rather than the driver
PreparedStatement cont.
• A PreparedStatement can take IN parameters, which act much like
arguments to a method, for column values.
PreparedStatement updateSales =
    con.prepareStatement("UPDATE OFFER_TBL SET QUANTITY = ? WHERE ORDER_NUM = ?");
// "?" are referred to as Parameter Markers
// Parameter Markers are referred to by number, starting from 1, in left to right order.
// PreparedStatement's setXXX() methods are used to set the IN parameters, which remain set until changed.
PreparedStatement Steps cont.
3. Bind in your variables. The binding of variables is positional: each value goes to the marker with the given number.
    updateSales.setInt(1, 75);         // first "?"  -> QUANTITY
    updateSales.setInt(2, 10398001);   // second "?" -> ORDER_NUM
4. Once all the variables have been bound, execute the prepared statement.
• This gives valuable information about the data that you are retrieving or the
database that you are using