Java Database Connectivity (JDBC)
• Using PreparedStatement
Prepared By: Dr. Osama Al-Haj Hassan

Why PreparedStatement
• PreparedStatement is more readable than Statement
• PreparedStatement is more efficient than Statement
• PreparedStatement is more secure than Statement
Example 1
• Any parameter (variable) of the SQL statement is provided as a question mark "?"
• The SQL statement is given as a parameter to the method "prepareStatement"
• You set the SQL parameter value using the PreparedStatement "set" methods, which include setters for each data type. In this example, vid is an integer, so we use "setInt"
• The PreparedStatement set methods take two parameters:
1) The index of the SQL parameter, where indexes start from 1
2) The value of the SQL parameter

    import java.sql.*;

    public class DBTest9 {
        public static void main(String[] args) {
            try {
                Class.forName("com.mysql.jdbc.Driver");
                String database = "jdbc:mysql://localhost/videostore";
                Connection con = DriverManager.getConnection(database, "root", "root");
                // "?" marks the SQL parameter; its value is bound separately below
                PreparedStatement pst = con.prepareStatement("select * from video where vid=?");
                pst.setInt(1, 5);  // parameter index 1, value 5
                ResultSet rs = pst.executeQuery();
                if (rs.next()) {
                    // print the three columns of the matching row
                    for (int i = 1; i <= 3; i++) {
                        System.out.print(rs.getObject(i) + "\t");
                    }
                    System.out.println();
                }
                rs.close();
                pst.close();
                con.close();
            }
            catch (Exception e) {
                System.out.println("Error: " + e);
            }
        }
    }

Example 2
• In this example, we used PreparedStatement to insert a new video (66, "Gladiator", "Action") into the database
• If you want to execute a delete statement, it would be similar to the insert statement in this slide

    import java.sql.*;

    public class DBTest9 {
        public static void main(String[] args) {
            try {
                Class.forName("com.mysql.jdbc.Driver");
                String database = "jdbc:mysql://localhost/videostore";
                Connection con = DriverManager.getConnection(database, "root", "root");
                PreparedStatement pst = con.prepareStatement("insert into video values(?,?,?)");
                pst.setInt(1, 66);
                // string values are bound with setString, not setInt
                pst.setString(2, "Gladiator");
                pst.setString(3, "Action");
                // executeUpdate returns the number of affected rows, not a ResultSet
                int rows = pst.executeUpdate();
                pst.close();
                con.close();
            }
            catch (Exception e) {
                System.out.println("Error: " + e);
            }
        }
    }

Example 3
• In this example, we want to find videos that have a vname containing a certain pattern.
• We use the "like" condition
• We use the "%" wildcard, which indicates any sequence of characters of length zero or more
• The "%" wildcard character has to be inserted when setting the SQL parameter value.

    import java.sql.*;
    import javax.swing.JOptionPane;

    public class DBTest9 {
        public static void main(String[] args) {
            try {
                Class.forName("com.mysql.jdbc.Driver");
                String database = "jdbc:mysql://localhost/videostore";
                Connection con = DriverManager.getConnection(database, "root", "root");
                PreparedStatement pst = con.prepareStatement("select * from video where vname like ?");
                String name = JOptionPane.showInputDialog(null, "enter pattern");
                // the "%" wildcards are part of the bound value, not of the SQL text
                pst.setString(1, "%" + name + "%");
                ResultSet rs = pst.executeQuery();
                while (rs.next()) {
                    // print the three columns of each matching row
                    for (int i = 1; i <= 3; i++) {
                        System.out.print(rs.getObject(i) + "\t");
                    }
                    System.out.println();
                }
                rs.close();
                pst.close();
                con.close();
            }
            catch (Exception e) {
                System.out.println("Error: " + e);
            }
        }
    }

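An added example, not part of the original slides, that ties the "more secure" point to the "like" query of Example 3: user text built into the SQL string changes the statement, while a bound parameter stays data, and "%" or "_" typed by the user still act as wildcards unless escaped. The class name LikeSearch, the helper names, the "!" escape character and the sample inputs are assumptions made for illustration.

```java
import java.sql.*;

public class LikeSearch {
    // Unsafe form, shown for comparison only: user text becomes part of the SQL statement.
    static String concatenated(String name) {
        return "select * from video where vname like '%" + name + "%'";
    }

    // Escape LIKE wildcards so user text matches literally.
    // '!' is the escape character declared in the query below (an assumption of this example).
    static String escapeLike(String s) {
        return s.replace("!", "!!").replace("%", "!%").replace("_", "!_");
    }

    // Safe form: the SQL text is fixed, the user text is bound as a value.
    static PreparedStatement search(Connection con, String name) throws SQLException {
        PreparedStatement pst = con.prepareStatement(
            "select * from video where vname like ? escape '!'");
        pst.setString(1, "%" + escapeLike(name) + "%");
        return pst;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: an apostrophe, a literal percent sign, an underscore.
        String[] inputs = {"Ocean's", "100%", "a_b"};
        for (String in : inputs) {
            // With concatenation, the apostrophe in "Ocean's" ends the string literal early.
            System.out.println("concatenated SQL: " + concatenated(in));
            System.out.println("bound value     : %" + escapeLike(in) + "%");
        }
        // Optional: pass a JDBC URL, user and password to run the safe query for real.
        if (args.length == 3) {
            try (Connection con = DriverManager.getConnection(args[0], args[1], args[2]);
                 PreparedStatement pst = search(con, inputs[0]);
                 ResultSet rs = pst.executeQuery()) {
                while (rs.next()) {
                    System.out.println(rs.getString("vname"));
                }
            }
        }
    }
}
```

Run without arguments, it only prints the two forms for each input; no database is needed.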