Introductory slides for JDBC & Java Servlets
Databases & Web-based Applications
JDBC & Java Servlets
A. Benabdelkader ©UvA, 2002/2003
JDBC
Java Database Connectivity - JDBC




• Modeled after ODBC, JDBC API supports basic SQL functionality
• With JDBC, Java can be used as host language for writing database applications
• On top of JDBC, higher-level APIs can be built
• Currently, two types of higher-level APIs:
– An embedded SQL for Java (e.g. SQLJ)
– A direct mapping of relational database tables to Java classes (e.g. Java Blend from Sun)
Connolly © Addison Wesley, 2002
JDBC

• JDBC API consists of two main interfaces: an API for application writers, and a lower-level driver API for driver writers
• Applications and applets can access databases using:
– ODBC drivers and existing database client libraries
– JDBC API with pure Java JDBC drivers
JDBC - Advantages/Disadvantages

• Advantage of using JDBC drivers is that they are a de facto standard for PC database access, and are available for many DBMSs, for a very low price
• Disadvantages with this approach:
– Non-pure JDBC driver will not necessarily work with a Web browser
– Currently downloaded applet can connect only to database located on host machine
– Deployment costs increase
JDBC - java.sql Package

• Driver: supports the creation of a data connection
• Connection: represents the connection between a Java client and an SQL database server
• DatabaseMetaData: contains information about the database server
• Statement: includes methods for executing SQL queries
• PreparedStatement: represents a pre-compiled and stored query
• CallableStatement: used to execute SQL stored procedures
• ResultSet: contains the results of the execution of a select query
• ResultSetMetaData: contains information about a ResultSet, including the attribute names and types
JDBC - Connecting to Databases


• java.sql.Driver
– no methods for users
– DriverManager.getConnection method creates connection
• java.sql.Connection
– createStatement
• java.sql.Statement
– executeQuery returns table as ResultSet
– executeUpdate returns integer update count
JDBC - Connections

• Loading driver classes
– Class.forName("myDriver.ClassName");
– Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
• Database connection URL
– jdbc:<subprotocol>:<subname>
– jdbc:odbc:mydatabase
• subname example
– //hostname:port/databasename
– //enp01.enp.fsu.edu:3306/gsim
• Database MetaData
– DatabaseMetaData dma = con.getMetaData();
JDBC Examples - Connection
import java.sql.*;

public class JDBC_Connection {
    public static void main(String args[]) {
        String url = "jdbc:mt://amelie.wins.uva.nl/QueryDemo";
        try {
            // Load the driver class so it registers with DriverManager
            Class.forName("com.matisse.sql.MtDriver");
        } catch (java.lang.ClassNotFoundException e) {
            System.err.println(e.getMessage());
        }
        try {
            Connection con = DriverManager.getConnection(url);
            DatabaseMetaData dma = con.getMetaData();
            // Get information about the connection
            System.out.println("\nConnected to : " + dma.getURL() +
                               "\nDriver       : " + dma.getDriverName() +
                               "\nVersion      : " + dma.getDriverVersion());
            con.close();
        } catch (SQLException ex) {
            System.err.println(ex.getMessage());
        }
    }
}
JDBC Examples - Meta Data
…..
String query = "Select ….";
Statement stmt = con.createStatement();
ResultSet rs = stmt.executeQuery(query);
// Column names and types come from the result set's metadata
ResultSetMetaData rsmd = rs.getMetaData();
int numCols = rsmd.getColumnCount();
for (int i = 1; i <= numCols; i++) {   // JDBC columns are numbered from 1
    System.out.println("\n" +
        "Column Name: " + rsmd.getColumnLabel(i) +
        " Type: " + rsmd.getColumnType(i));
}
JDBC Examples - Execute Query
public class SQLStatement {
    public static void main(String args[]) {
        try {
            // make the connection …...
            Statement stmt = con.createStatement();
            ResultSet rs = stmt.executeQuery(query);
            int numCols = rs.getMetaData().getColumnCount();
            while (rs.next()) {
                // Print every column of the current row
                for (int i = 1; i <= numCols; i++) {
                    System.out.print("Column " + i + ": ");
                    System.out.println(rs.getString(i));
                }
            }
            stmt.close();
            con.close();
        } catch (SQLException ex) {
            System.err.println(ex.getMessage());
        }
    }
}
JDBC - Update Statements

• Create new Objects
String insertSQL = "insert into Course (Code, Name) "
    + "values ('Brown','Web Databases')";
int rowcount = stmt.executeUpdate(insertSQL);
if (rowcount == 0) // insert failed

• Update Objects
String updateSQL = "update Course set "
    + "Course.Credit = 7 where Code ='BI301004'";
int count = stmt.executeUpdate(updateSQL);
// count is number of rows affected
JDBC - Executing unknown SQL

• Arbitrary SQL may return table (ResultSet) or row count (int)
• Statement.execute method
// execute returns true when the first result is a ResultSet
boolean isResultSet = stmt.execute(sqlStatement);
while (true) { // loop through all results
    if (isResultSet) {
        ResultSet result = stmt.getResultSet();
        // process result
    } else { // result is not a ResultSet
        int rowcount = stmt.getUpdateCount();
        if (rowcount == -1) break; // no more results
        // process row count
    }
    // getMoreResults returns true when the next result is a ResultSet
    isResultSet = stmt.getMoreResults();
}
JDBC - Universal Database Discovery

• Get DB MetaData - Get DB Tables
DatabaseMetaData dmd;
ResultSet results = null;
try {
    dmd = con.getMetaData();
    try {
        // Ask only for tables and views
        String tables[] = {"TABLE", "VIEW"};
        results = dmd.getTables("", "", "", tables);
    } catch (SQLException e) { out.println(e); }
} catch (Exception e) { out.println(e); }
// GET ALL RESULTS
JDBC - Universal Database Discovery

• Get Tables Results
try {
    ResultSetMetaData rsmd = results.getMetaData();
    int numCols = rsmd.getColumnCount();
    while (results.next()) {
        System.out.println("Table Name: " +
            results.getString("TABLE_NAME"));
    }
    results.close();
    con.close();
} catch (Exception e) {
    out.println(e);
}
Java Servlets
Core Servlets & JSP book: www.coreservlets.com
More Servlets & JSP book: www.moreservlets.com
Servlet and JSP Training Courses: courses.coreservlets.com
Outline
• Java servlets
• Advantages of servlets
• Servlet structure
• Servlet examples
• Handling the client request
– Form Data
– HTTP request headers
www.coreservlets.com
A Servlet’s Job
• Read explicit data sent by client (form data)
• Read implicit data sent by client
(request headers)
• Generate the results
• Send the explicit data back to client (HTML)
• Send the implicit data to client
(status codes and response headers)
Why Build Web Pages Dynamically?
• The Web page is based on data submitted by the user
– E.g., results page from search engines and order-confirmation pages at on-line stores
• The Web page is derived from data that changes
frequently
– E.g., a weather report or news headlines page
• The Web page uses information from databases or
other server-side sources
– E.g., an e-commerce site could use a servlet to build a
Web page that lists the current price and availability of
each item that is for sale.
The Advantages of Servlets Over “Traditional” CGI
• Efficient
– Threads instead of OS processes, one servlet copy,
persistence
• Convenient
– Lots of high-level utilities
• Powerful
– Sharing data, pooling, persistence
• Portable
– Run on virtually all operating systems and servers
• Secure
– No shell escapes, no buffer overflows
• Inexpensive
– There are plenty of free and low-cost servers.
Simple Servlet Template
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class ServletTemplate extends HttpServlet {
    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
            throws ServletException, IOException {
        // Use "request" to read incoming HTTP headers
        // (e.g. cookies) and HTML form data (query data)
        // Use "response" to specify the HTTP response status
        // code and headers (e.g. the content type, cookies).
        PrintWriter out = response.getWriter();
        // Use "out" to send content to browser
    }
}
A Simple Servlet That Generates Plain Text
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class HelloWorld extends HttpServlet {
    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
            throws ServletException, IOException {
        PrintWriter out = response.getWriter();
        out.println("Hello World");
    }
}
A Servlet That Generates HTML
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class HelloWWW extends HttpServlet {
    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
            throws ServletException, IOException {
        // Tell the browser the body is HTML, before getting the writer
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        String docType =
            "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 " +
            "Transitional//EN\">\n";
        out.println(docType +
                    "<HTML>\n" +
                    "<HEAD><TITLE>Hello WWW</TITLE></HEAD>\n" +
                    "<BODY>\n" +
                    "<H1>Hello WWW</H1>\n" +
                    "</BODY></HTML>");
    }
}
The Servlet Life Cycle
• init
– Executed once when the servlet is first loaded.
Not called for each request.
• service
– Called in a new thread by server for each request.
Dispatches to doGet, doPost, etc.
Do not override this method!
• doGet, doPost, doXxx
– Handles GET, POST, etc. requests.
– Override these to provide desired behavior.
• destroy
– Called when server deletes servlet instance.
Not called after each request.
Handling the Client Request: Form Data
• Form data
• Processing form data
• Reading request parameters
• Filtering HTML-specific characters
The Role of Form Data
• Example URL at online travel agent
– http://host/path?user=Marty+Hall&origin=bwi&dest=lax
– Names come from HTML author;
values usually come from end user
• Parsing form (query) data in traditional CGI
– Read the data one way (QUERY_STRING) for GET
requests, another way (standard input) for POST requests
– Chop pairs at ampersands, then separate parameter
names (left of the equal signs) from parameter values
(right of the equal signs)
– URL decode values (e.g., "%7E" becomes "~")
– Need special cases for omitted values
(param1=val1&param2=&param3=val3) and repeated
parameters (param1=val1&param2=val2&param1=val3)
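The CGI-style parsing steps listed above, written out as an added Java example (not from the original slides; the class name QueryStringParser and the sample inputs are constructed for illustration). It covers the omitted-value and repeated-parameter cases and decodes only after splitting, so an encoded separator inside a value stays part of that value:

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.*;

// Added illustration; QueryStringParser is a hypothetical name, not a Servlet API class.
public class QueryStringParser {

    // Returns every value seen for each parameter name, in order of appearance.
    public static Map<String, List<String>> parse(String query)
            throws UnsupportedEncodingException {
        Map<String, List<String>> params = new LinkedHashMap<>();
        if (query == null || query.isEmpty()) {
            return params;
        }
        for (String pair : query.split("&")) {         // chop pairs at ampersands
            if (pair.isEmpty()) continue;              // tolerate "a=1&&b=2"
            int eq = pair.indexOf('=');                // split at the first equal sign only
            String rawName = (eq < 0) ? pair : pair.substring(0, eq);
            String rawValue = (eq < 0) ? "" : pair.substring(eq + 1);
            // Decode after splitting: "%26" or "%3D" inside a value must not
            // be mistaken for a pair or name/value separator.
            String name = URLDecoder.decode(rawName, "UTF-8");
            String value = URLDecoder.decode(rawValue, "UTF-8");
            params.computeIfAbsent(name, k -> new ArrayList<>()).add(value);
        }
        return params;
    }

    // Mirrors request.getParameter: first occurrence, or null if absent.
    public static String first(Map<String, List<String>> params, String name) {
        List<String> values = params.get(name);
        return (values == null) ? null : values.get(0);
    }

    public static void main(String[] args) throws UnsupportedEncodingException {
        // Constructed sample inputs based on the slide's examples.
        String[] samples = {
            "user=Marty+Hall&origin=bwi&dest=lax",
            "param1=val1&param2=&param3=val3",       // omitted value
            "param1=val1&param2=val2&param1=val3",   // repeated parameter
            "home=%7Emarty&note=a%26b%3Dc"           // encoded "~", "&" and "="
        };
        for (String q : samples) {
            Map<String, List<String>> p = parse(q);
            System.out.println(q + " -> " + p + " first(param1)=" + first(p, "param1"));
        }
    }
}
```

URLDecoder.decode throws IllegalArgumentException on a malformed escape such as "%zz", so code that handles untrusted query strings should catch it and reject the request.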
Creating Form Data: HTML Forms
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD><TITLE>A Sample Form Using GET</TITLE></HEAD>
<BODY BGCOLOR="#FDF5E6">
<H2 ALIGN="CENTER">A Sample Form Using GET</H2>
<FORM ACTION="http://localhost:8088/SomeProgram">
<CENTER>
First name:
<INPUT TYPE="TEXT" NAME="firstName" VALUE="Joe"><BR>
Last name:
<INPUT TYPE="TEXT" NAME="lastName" VALUE="Hacker"><P>
<INPUT TYPE="SUBMIT"> <!-- Press this to submit form -->
</CENTER>
</FORM>
</BODY></HTML>
• See CSAJSP Chapter 16 for details on forms
[Figure: HTML Form: Initial Result]
Reading Form Data In Servlets
• request.getParameter("name")
– Returns URL-decoded value of first occurrence of name
in query string
– Works identically for GET and POST requests
– Returns null if no such parameter is in query
• request.getParameterValues("name")
– Returns an array of the URL-decoded values of all
occurrences of name in query string
– Returns a one-element array if param not repeated
– Returns null if no such parameter is in query
• request.getParameterNames()
– Returns Enumeration of request params
An HTML Form With Three Parameters
<FORM ACTION="/servlet/coreservlets.ThreeParams">
First Parameter: <INPUT TYPE="TEXT" NAME="param1"><BR>
Second Parameter: <INPUT TYPE="TEXT" NAME="param2"><BR>
Third Parameter: <INPUT TYPE="TEXT" NAME="param3"><BR>
<CENTER><INPUT TYPE="SUBMIT"></CENTER>
</FORM>
Reading the Three Parameters
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

// ServletUtilities.headWithTitle is a helper defined outside this slide
public class ThreeParams extends HttpServlet {
    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        String title = "Reading Three Request Parameters";
        // Each parameter value is written into the page as received
        out.println(ServletUtilities.headWithTitle(title) +
                    "<BODY BGCOLOR=\"#FDF5E6\">\n" +
                    "<H1 ALIGN=CENTER>" + title + "</H1>\n" +
                    "<UL>\n" +
                    " <LI><B>param1</B>: "
                    + request.getParameter("param1") + "\n" +
                    " <LI><B>param2</B>: "
                    + request.getParameter("param2") + "\n" +
                    " <LI><B>param3</B>: "
                    + request.getParameter("param3") + "\n" +
                    "</UL>\n" +
                    "</BODY></HTML>");
    }
}
[Figure: Reading Three Parameters: Result]
Filtering Strings for HTML-Specific Characters
• You cannot safely insert arbitrary strings into servlet
output
– < and > can cause problems anywhere
– & and " can cause problems inside of HTML attributes
• You sometimes cannot manually translate
– The string is derived from a program excerpt or another
source where it is already in some standard format
– The string is derived from HTML form data
• Failing to filter special characters from form data
makes you vulnerable to cross-site scripting attacks
– http://www.cert.org/advisories/CA-2000-02.html
– http://www.microsoft.com/technet/security/crssite.asp