Java Database Connectivity (JDBC)
• Using PreparedStatement
Prepared By: Dr. Osama Al-Haj Hassan

Why PreparedStatement
• PreparedStatement is more readable than Statement
• PreparedStatement is more efficient than Statement
• PreparedStatement is more secure than Statement

Example 1
• Any parameter (variable) of the SQL statement is provided as a question mark "?"
• The SQL statement is given as a parameter to the method "prepareStatement"
• You set the SQL parameter value using the PreparedStatement "set" methods, which include setters for each data type. In this example, vid is an integer, so we use "setInt"
• The PreparedStatement set methods take two parameters:
  1) The index of the SQL parameter, where indexes start from 1
  2) The value of the SQL parameter

    import java.sql.*;

    public class DBTest9{
      public static void main(String[] args) {
        try{
          Class.forName("com.mysql.jdbc.Driver");
          String database="jdbc:mysql://localhost/videostore";
          Connection con = DriverManager.getConnection(database,"root","root");
          // The "?" marks the parameter; its value is supplied separately
          PreparedStatement pst = con.prepareStatement("select * from video where vid=?");
          pst.setInt(1,5);   // parameter 1 (vid) = 5
          ResultSet rs = pst.executeQuery();
          if(rs.next()){
            // Print the three columns of the matching row
            for ( int i = 1; i <= 3; i++ ){
              System.out.print(rs.getObject(i)+"\t");
            }
            System.out.println();
          }
          rs.close();
          pst.close();
          con.close();
        } catch (Exception e) {
          System.out.println("Error: " + e);
        }
      }
    }

Example 2
• In this example, we used PreparedStatement to insert a new video (66, "Gladiator", "Action") in the database
• If you want to execute a delete statement, it would be similar to the insert statement in this slide

    import java.sql.*;

    public class DBTest9{
      public static void main(String[] args) {
        try{
          Class.forName("com.mysql.jdbc.Driver");
          String database="jdbc:mysql://localhost/videostore";
          Connection con = DriverManager.getConnection(database,"root","root");
          PreparedStatement pst = con.prepareStatement("insert into video values(?,?,?) ");
          pst.setInt(1,66);
          // String columns are set with setString, not setInt
          pst.setString(2, "Gladiator");
          pst.setString(3, "Action");
          // executeUpdate returns the number of affected rows, not a ResultSet
          int rows = pst.executeUpdate();
          pst.close();
          con.close();
        } catch (Exception e) {
          System.out.println("Error: " + e);
        }
      }
    }

Example 3
• In this example, we want to find videos that have a vname containing a certain pattern
• We use the "like" condition
• We use the "%" wildcard, which indicates any sequence of characters of length zero or more
• The "%" wildcard character has to be inserted when setting the SQL parameter value

    import java.sql.*;
    import javax.swing.JOptionPane;

    public class DBTest9{
      public static void main(String[] args) {
        try{
          Class.forName("com.mysql.jdbc.Driver");
          String database="jdbc:mysql://localhost/videostore";
          Connection con = DriverManager.getConnection(database,"root","root");
          PreparedStatement pst = con.prepareStatement("select * from video where vname like ? ");
          String name = JOptionPane.showInputDialog(null, "enter pattern");
          // The wildcards are part of the parameter value, so setString is used
          pst.setString(1, "%"+name+"%");
          ResultSet rs = pst.executeQuery();
          while(rs.next()){
            // Print the three columns of each matching row
            for ( int i = 1; i <= 3; i++ ){
              System.out.print(rs.getObject(i)+"\t");
            }
            System.out.println();
          }
          rs.close();
          pst.close();
          con.close();
        } catch (Exception e) {
          System.out.println("Error: " + e);
        }
      }
    }
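
The "more secure" point and the "like" search of Example 3, as an added example that is not part of the original slides: it prints the SQL text that string concatenation would produce from input containing a quote, next to the value that a PreparedStatement binds instead, and escapes the "%" and "_" wildcards so user text matches literally. The class VideoSearch, its helper methods, the "!" escape character and the sample input are assumptions made for this example.

```java
import java.sql.*;
import java.util.ArrayList;
import java.util.List;

// Added example; the names below are hypothetical, not from the slides.
public class VideoSearch {
    // Unsafe pattern, shown only to print the SQL text it produces: the input
    // becomes part of the statement, so a quote in it changes the SQL itself.
    static String concatenatedSql(String name) {
        return "select * from video where vname like '%" + name + "%'";
    }

    // Escape LIKE metacharacters so user text matches literally. '!' is the
    // escape character chosen here and declared in the query with ESCAPE.
    static String escapeLike(String s) {
        return s.replace("!", "!!").replace("%", "!%").replace("_", "!_");
    }

    // Parameterized search: the SQL text is fixed, the value travels separately.
    static List<String> findByName(Connection con, String name) throws SQLException {
        String sql = "select vname from video where vname like ? escape '!'";
        List<String> names = new ArrayList<>();
        try (PreparedStatement pst = con.prepareStatement(sql)) {
            pst.setString(1, "%" + escapeLike(name) + "%");
            try (ResultSet rs = pst.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString(1));
                }
            }
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        String input = "Ocean's 100%";   // constructed sample input
        // The unmatched quote makes this statement text malformed
        System.out.println("Concatenated SQL: " + concatenatedSql(input));
        // The bound value keeps the quote as data and escapes the wildcard
        System.out.println("Bound parameter:  %" + escapeLike(input) + "%");
        if (args.length == 3) {          // optional: JDBC URL, user, password
            try (Connection con = DriverManager.getConnection(args[0], args[1], args[2])) {
                System.out.println(findByName(con, input));
            }
        }
    }
}
```

Run without arguments, it only prints the two strings; with a JDBC URL, user and password it also runs the search against the video table.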