Databases & Web-based Applications
JDBC & Java Servlets
A. Benabdelkader ©UvA, 2002/2003

JDBC

Java Database Connectivity - JDBC
• Modeled after ODBC, JDBC API supports basic SQL functionality
• With JDBC, Java can be used as host language for writing database applications
• On top of JDBC, higher-level APIs can be built
• Currently, two types of higher-level APIs:
  – An embedded SQL for Java (e.g. SQLJ)
  – A direct mapping of relational database tables to Java classes (e.g. Java Blend from Sun)
Connolly © Addison Wesley, 2002

JDBC
• JDBC API consists of two main interfaces: an API for application writers, and a lower-level driver API for driver writers
• Applications and applets can access databases using:
  – ODBC drivers and existing database client libraries
  – JDBC API with pure Java JDBC drivers

JDBC (figure)

JDBC - Advantages/Disadvantages
• Advantage of using JDBC drivers is that they are a de facto standard for PC database access, and are available for many DBMSs, for very low price
• Disadvantages with this approach:
  – Non-pure JDBC driver will not necessarily work with a Web browser
  – Currently downloaded applet can connect only to database located on host machine
  – Deployment costs increase

JDBC - java.sql Package
• Driver: supports the creation of a data connection
• Connection: represents the connection between a Java client and an SQL database server
• DatabaseMetaData: contains information about the database server
• Statement: includes methods for executing SQL queries
• PreparedStatement: represents a pre-compiled and stored query
• CallableStatement: used to execute SQL stored procedures
• ResultSet: contains the results of the execution of a select query
• ResultSetMetaData: contains information about a ResultSet, including the attribute names and types

JDBC - Connecting to Databases
• java.sql.Driver
  – no methods for users
• DriverManager.getConnection
  – method that creates the connection
• java.sql.Connection
  – createStatement
• java.sql.Statement
  – executeQuery returns table as ResultSet
  – executeUpdate returns integer update count

JDBC - Connections
• Loading driver classes
    Class.forName("myDriver.ClassName");
• Database connection URL
    jdbc:<subprotocol>:<subname>
• Example
    Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
    jdbc:odbc:mydatabase
• subname example
    //hostname:port/databasename
    //enp01.enp.fsu.edu:3306/gsim
• Database MetaData
    DatabaseMetaData dma = con.getMetaData();

JDBC Examples - Connection

    import java.sql.*;

    public class JDBC_Connection {
        public static void main(String args[]) {
            String url = "jdbc:mt://amelie.wins.uva.nl/QueryDemo";
            // Load the driver class
            try {
                Class.forName("com.matisse.sql.MtDriver");
            } catch (java.lang.ClassNotFoundException e) {
                System.err.println(e.getMessage());
            }
            try {
                Connection con = DriverManager.getConnection(url);
                DatabaseMetaData dma = con.getMetaData();
                // Get information about the connection
                System.out.println("\nConnected to : " + dma.getURL() +
                                   "\nDriver : " + dma.getDriverName() +
                                   "\nVersion : " + dma.getDriverVersion());
                con.close();
            } catch (SQLException ex) {
                System.err.println(ex.getMessage());
            }
        }
    }

JDBC Examples - Meta Data

    // …
    String query = "Select …";
    Statement stmt = con.createStatement();
    ResultSet rs = stmt.executeQuery(query);
    ResultSetMetaData rsmd = rs.getMetaData();
    int numCols = rsmd.getColumnCount();
    // JDBC column indexes start at 1
    for (int i = 1; i <= numCols; i++) {
        System.out.println("\n" + "Column Name: " + rsmd.getColumnLabel(i) +
                           " Type: " + rsmd.getColumnType(i));
    }

JDBC Examples - Execute Query

    public class SQLStatement {
        public static void main(String args[]) {
            try {
                // make the connection …
                Statement stmt = con.createStatement();
                ResultSet rs = stmt.executeQuery(query);
                // Column count taken from the result set meta data, as in the previous example
                int numCols = rs.getMetaData().getColumnCount();
                while (rs.next()) {
                    for (int i = 1; i <= numCols; i++) {
                        System.out.print("Column " + i + ": ");
                        System.out.println(rs.getString(i));
                    }
                }
                stmt.close();
                con.close();
            } catch (SQLException ex) {
                System.err.println(ex.getMessage());
            }
        }
    }

JDBC - Update Statements
• Create new Objects

    String insertSQL = "insert into Course (Code, Name) "
                     + "values ('Brown','Web Databases')";
    int rowcount = stmt.executeUpdate(insertSQL);
    if (rowcount == 0) {
        // insert failed
    }

• Update Objects

    String updateSQL = "update Course set "
                     + "Course.Credit = 7 where Code ='BI301004'";
    // executeUpdate (not execute) returns the row count
    int count = stmt.executeUpdate(updateSQL);
    // count is number of rows affected

JDBC - Executing unknown SQL
• Arbitrary SQL may return table (ResultSet) or row count (int)
• Statement.execute method

    stmt.execute(sqlStatement);
    while (true) { // loop through all results
        ResultSet result = stmt.getResultSet();
        if (result != null) {
            // process result
        } else { // result is not a ResultSet
            int rowcount = stmt.getUpdateCount();
            if (rowcount == -1) break; // no more results
            // process row count
        }
        // getMoreResults only advances; the next result is fetched at the top of the loop
        stmt.getMoreResults();
    }

JDBC - Universal Database Discovery
• Get DB MetaData - Get DB Tables

    DatabaseMetaData dmd;
    ResultSet results = null;
    try {
        dmd = con.getMetaData();
        try {
            String tables[] = {"TABLE", "VIEW"};
            // null catalog and schema plus the "%" pattern match every table and view
            results = dmd.getTables(null, null, "%", tables);
        } catch (SQLException e) { out.println(e); }
    } catch (Exception e) { out.println(e); }
    // GET ALL RESULTS

JDBC - Universal Database Discovery
• Get Tables Results

    try {
        ResultSetMetaData rsmd = results.getMetaData();
        int numCols = rsmd.getColumnCount();
        while (results.next()) {
            System.out.println("Table Name: " + results.getString("TABLE_NAME"));
        }
        results.close();
        con.close();
    } catch (Exception e) {
        out.println(e);
    }

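The update slides above build SQL text from string literals; once the values come from form data, the PreparedStatement interface listed under java.sql keeps them out of the SQL text. The following is an added example, not code from the original slides. Assumptions: the class name PreparedCourseDemo, a scratch database reachable through the JDBC URL in args[0] (default jdbc:h2:mem:demo, which needs the H2 driver on the classpath), and the column types of Course.

```java
import java.sql.*;

public class PreparedCourseDemo {
    public static void main(String[] args) throws SQLException {
        // Assumption: a scratch database whose JDBC driver is on the classpath.
        String url = args.length > 0 ? args[0] : "jdbc:h2:mem:demo";
        // Constructed values standing in for form data; the name contains a single quote.
        String code = "BI301004";
        String name = "Web Databases: the user's view";

        try (Connection con = DriverManager.getConnection(url)) {
            try (Statement stmt = con.createStatement()) {
                // Assumed column types; the slides only name the columns.
                stmt.executeUpdate(
                    "create table Course (Code varchar(20), Name varchar(100), Credit int)");
                // Concatenation: the quote inside 'name' ends the SQL string literal early,
                // so the database parses the rest of the value as SQL text.
                String insertSQL = "insert into Course (Code, Name) values ('"
                                 + code + "','" + name + "')";
                try {
                    stmt.executeUpdate(insertSQL);
                } catch (SQLException ex) {
                    System.err.println("Concatenated statement rejected: " + ex.getMessage());
                }
            }
            // Parameter binding: values are passed as data and never parsed as SQL text.
            try (PreparedStatement ins = con.prepareStatement(
                    "insert into Course (Code, Name) values (?, ?)")) {
                ins.setString(1, code);
                ins.setString(2, name);
                System.out.println("Rows inserted: " + ins.executeUpdate());
            }
            try (PreparedStatement upd = con.prepareStatement(
                    "update Course set Credit = ? where Code = ?")) {
                upd.setInt(1, 7);
                upd.setString(2, code);
                System.out.println("Rows updated: " + upd.executeUpdate());
            }
            try (PreparedStatement sel = con.prepareStatement(
                    "select Name, Credit from Course where Code = ?")) {
                sel.setString(1, code);
                try (ResultSet rs = sel.executeQuery()) {
                    while (rs.next()) {
                        System.out.println(rs.getString(1) + " / " + rs.getInt(2));
                    }
                }
            }
        }
    }
}
```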
Java Servlets
• Core Servlets & JSP book: www.coreservlets.com
• More Servlets & JSP book: www.moreservlets.com
• Servlet and JSP Training Courses: courses.coreservlets.com

Outline
• Java servlets
• Advantages of servlets
• Servlet structure
• Servlet examples
• Handling the client request
  – Form Data
  – HTTP request headers

A Servlet's Job
• Read explicit data sent by client (form data)
• Read implicit data sent by client (request headers)
• Generate the results
• Send the explicit data back to client (HTML)
• Send the implicit data to client (status codes and response headers)

Why Build Web Pages Dynamically?
• The Web page is based on data submitted by the user
  – E.g., results page from search engines and order-confirmation pages at on-line stores
• The Web page is derived from data that changes frequently
  – E.g., a weather report or news headlines page
• The Web page uses information from databases or other server-side sources
  – E.g., an e-commerce site could use a servlet to build a Web page that lists the current price and availability of each item that is for sale.

The Advantages of Servlets Over "Traditional" CGI
• Efficient
  – Threads instead of OS processes, one servlet copy, persistence
• Convenient
  – Lots of high-level utilities
• Powerful
  – Sharing data, pooling, persistence
• Portable
  – Run on virtually all operating systems and servers
• Secure
  – No shell escapes, no buffer overflows
• Inexpensive
  – There are plenty of free and low-cost servers.

Simple Servlet Template

    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class ServletTemplate extends HttpServlet {
        public void doGet(HttpServletRequest request,
                          HttpServletResponse response)
                throws ServletException, IOException {
            // Use "request" to read incoming HTTP headers
            // (e.g. cookies) and HTML form data (query data)

            // Use "response" to specify the HTTP response status
            // code and headers (e.g. the content type, cookies).

            PrintWriter out = response.getWriter();
            // Use "out" to send content to browser
        }
    }

A Simple Servlet That Generates Plain Text

    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class HelloWorld extends HttpServlet {
        public void doGet(HttpServletRequest request,
                          HttpServletResponse response)
                throws ServletException, IOException {
            PrintWriter out = response.getWriter();
            out.println("Hello World");
        }
    }

A Servlet That Generates HTML

    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class HelloWWW extends HttpServlet {
        public void doGet(HttpServletRequest request,
                          HttpServletResponse response)
                throws ServletException, IOException {
            // Set the content type before getting the writer
            response.setContentType("text/html");
            PrintWriter out = response.getWriter();
            String docType =
                "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 " +
                "Transitional//EN\">\n";
            out.println(docType +
                        "<HTML>\n" +
                        "<HEAD><TITLE>Hello WWW</TITLE></HEAD>\n" +
                        "<BODY>\n" +
                        "<H1>Hello WWW</H1>\n" +
                        "</BODY></HTML>");
        }
    }

The Servlet Life Cycle
• init
  – Executed once when the servlet is first loaded. Not called for each request.
• service
  – Called in a new thread by server for each request. Dispatches to doGet, doPost, etc. Do not override this method!
• doGet, doPost, doXxx
  – Handles GET, POST, etc. requests.
  – Override these to provide desired behavior.
• destroy
  – Called when server deletes servlet instance. Not called after each request.

Handling the Client Request: Form Data
• Form data
• Processing form data
• Reading request parameters
• Filtering HTML-specific characters

The Role of Form Data
• Example URL at online travel agent
  – http://host/path?user=Marty+Hall&origin=bwi&dest=lax
  – Names come from HTML author; values usually come from end user
• Parsing form (query) data in traditional CGI
  – Read the data one way (QUERY_STRING) for GET requests, another way (standard input) for POST requests
  – Chop pairs at ampersands, then separate parameter names (left of the equal signs) from parameter values (right of the equal signs)
  – URL decode values (e.g., "%7E" becomes "~")
  – Need special cases for omitted values (param1=val1&param2=&param3=val3) and repeated parameters (param1=val1&param2=val2&param1=val3)

Creating Form Data: HTML Forms

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <HTML>
    <HEAD><TITLE>A Sample Form Using GET</TITLE></HEAD>
    <BODY BGCOLOR="#FDF5E6">
    <H2 ALIGN="CENTER">A Sample Form Using GET</H2>
    <FORM ACTION="http://localhost:8088/SomeProgram">
      <CENTER>
      First name:
      <INPUT TYPE="TEXT" NAME="firstName" VALUE="Joe"><BR>
      Last name:
      <INPUT TYPE="TEXT" NAME="lastName" VALUE="Hacker"><P>
      <INPUT TYPE="SUBMIT"> <!-- Press this to submit form -->
      </CENTER>
    </FORM>
    </BODY></HTML>

• See CSAJSP Chapter 16 for details on forms

HTML Form: Initial Result (figure)

Reading Form Data In Servlets
• request.getParameter("name")
  – Returns URL-decoded value of first occurrence of name in query string
  – Works identically for GET and POST requests
  – Returns null if no such parameter is in query
• request.getParameterValues("name")
  – Returns an array of the URL-decoded values of all occurrences of name in query string
  – Returns a one-element array if param not repeated
  – Returns null if no such parameter is in query
• request.getParameterNames()
  – Returns Enumeration of request params

An HTML Form With Three Parameters

    <FORM ACTION="/servlet/coreservlets.ThreeParams">
      First Parameter: <INPUT TYPE="TEXT" NAME="param1"><BR>
      Second Parameter: <INPUT TYPE="TEXT" NAME="param2"><BR>
      Third Parameter: <INPUT TYPE="TEXT" NAME="param3"><BR>
      <CENTER><INPUT TYPE="SUBMIT"></CENTER>
    </FORM>

Reading the Three Parameters

    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class ThreeParams extends HttpServlet {
        public void doGet(HttpServletRequest request,
                          HttpServletResponse response)
                throws ServletException, IOException {
            response.setContentType("text/html");
            PrintWriter out = response.getWriter();
            String title = "Reading Three Request Parameters";
            // Parameter values are written into the page unfiltered
            out.println(ServletUtilities.headWithTitle(title) +
                        "<BODY BGCOLOR=\"#FDF5E6\">\n" +
                        "<H1 ALIGN=CENTER>" + title + "</H1>\n" +
                        "<UL>\n" +
                        "  <LI><B>param1</B>: " +
                        request.getParameter("param1") + "\n" +
                        "  <LI><B>param2</B>: " +
                        request.getParameter("param2") + "\n" +
                        "  <LI><B>param3</B>: " +
                        request.getParameter("param3") + "\n" +
                        "</UL>\n" +
                        "</BODY></HTML>");
        }
    }

Reading Three Parameters: Result (figure)

Filtering Strings for HTML-Specific Characters
• You cannot safely insert arbitrary strings into servlet output
  – < and > can cause problems anywhere
  – & and " can cause problems inside of HTML attributes
• You sometimes cannot manually translate
  – The string is derived from a program excerpt or another source where it is already in some standard format
  – The string is derived from HTML form data
• Failing to filter special characters from form data makes you vulnerable to cross-site scripting attacks
  – http://www.cert.org/advisories/CA-2000-02.html
  – http://www.microsoft.com/technet/security/crssite.asp
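
The parsing steps from "The Role of Form Data" and the filtering rule from the last slide, combined in one added example that is not code from the original slides or from the coreservlets.com book. It runs without a servlet container; the class FormDataDemo, the helpers parseQuery and filter, and the query string are constructed for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class FormDataDemo {
    // Hypothetical helper: chop at '&', split each pair at the first '=', URL-decode both halves.
    static Map<String, List<String>> parseQuery(String query) {
        Map<String, List<String>> params = new LinkedHashMap<>();
        for (String pair : query.split("&")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1); // omitted value becomes ""
            params.computeIfAbsent(URLDecoder.decode(name, StandardCharsets.UTF_8),
                                   k -> new ArrayList<>())       // repeated names accumulate
                  .add(URLDecoder.decode(value, StandardCharsets.UTF_8));
        }
        return params;
    }

    // Hypothetical helper: replace the four characters named on the slide with HTML entities.
    static String filter(String input) {
        if (input == null) return "";
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (char c : input.toCharArray()) {
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                default:  out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed query string: markup in param1, omitted param2, repeated param1.
        String query = "param1=%3Cb%3Ebold%3C%2Fb%3E&param2=&param3=Tom+%26+%22Jerry%22&param1=val3";
        Map<String, List<String>> params = parseQuery(query);
        StringBuilder html = new StringBuilder("<UL>\n");
        for (Map.Entry<String, List<String>> e : params.entrySet()) {
            for (String v : e.getValue()) {
                // Filter at the point of output, so the browser shows the markup as text.
                html.append("  <LI><B>").append(filter(e.getKey())).append("</B>: ")
                    .append(filter(v)).append("\n");
            }
        }
        System.out.println(html.append("</UL>"));
    }
}
```

In a servlet the container does the parsing, so only the filter step applies: wrap each request.getParameter(...) value in filter(...) before writing it to the response.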