pstmt.setInt(1, 100)
Download
Report
Transcript pstmt.setInt(1, 100)
JDBC
"Java Database Connectivity"
1
Useful JDBC Links
• Getting Started Guide:
http://java.sun.com/j2se/1.5.0/docs/guide/jdbc/g
etstart/GettingStartedTOC.fm.html
• java.sql Package API:
http://java.sun.com/j2se/1.5.0/docs/api/java/sql/
package-summary.html
2
Introduction to JDBC
• JDBC allows for convenient database
access from Java applications
• Data is transferred from relations to
objects and vice-versa
– databases optimized for searching/indexing
– objects optimized for engineering/flexibility
3
Why Access a Database from within a
Program?
• As we saw last week, some queries can’t be computed in SQL.
• PL/pgSQL includes more programming tools than SQL
• However, sometimes using PL/pgSQL will not be suitable:
– If we require object-oriented programming
– If accessing the database is a small part of a large Java
application
– Etc.
• Why not keep all the data in Java objects?
• “Separation of concerns”: DBMSes concentrate on data storage
and access; programs concentrate on algorithms, networking, etc.
4
Packages to Import
• In order to connect to a database from
java, import the following packages:
– java.sql.*;
(usually enough)
– javax.sql.*
(for advanced features, such as
scrollable result sets)
5
access
• Add the following line to your .classpath
file (located in your home directory):
setenv CLASSPATH ${CLASSPATH}:/usr/share/java/postgresql.jar
• And then open a new shell
6
Six Steps
• Load the driver
• Establish the Connection
• Create a Statement object
• Execute a query
• Process the result
• Close the connection
7
JDBC Architecture (1)
Driver
Manager
Application
Driver
DBMS
• DriverManager is provided by Java
Software as part of the Java 2
Platform.
• Drivers are provided by DBMS vendors.
JDBC Architecture (2)
• The application creates a driver instance and
registers it with the DriverManager.
• The DriverManager tells the driver to connect
to the DB
• The DriverManager keeps track of registered
driver instances and their connections to
DB’s.
• The Driver “talks” to a particular DB through
the connection
Connecting
1. Initializing a driver and registering it
with the DriverManager:
Class.forName(“org.postgresql.Driver");
2. Getting a connection:
DriverManager.getConnection(URL)
•
The URL is:
“jdbc:postgresql://dbserver/public”,”YOUR-LOGIN”,null
10
For example
Class.forName(“org.postgresql.Driver");
DriverManager.getConnection
(“jdbc:postgresql://dbserver/public”,”gidi”,null);
11
Interacting with the DB
•
Once you have established a connection, your
would like to interact with the DB
•
Interaction are done by sending Statements
and PreparedStatements to the DB
•
These are used for 2 things (using different
methods):
1. Querying the DB (executeQuery)
2. Changing the DB (executeUpdate)
12
Statement
Statement createStatement()
– returns a new Statement object
• Used to send SQL commands to the DB
• Created via the connection object
Statement query methods
1.
stmt.executeQuery(String query): for
queries that return a single ResultSet
object (typically select)
2. stmt.executeUpdate(String query): for
INSERT, UPDATE, DELETE, and SQL DDL
directives
14
Compilation
• When executing an SQL statement via
JDBC, it is not checked for errors until it
is run (Not checked during compilation)
15
executeQuery
String queryStr =
"SELECT * FROM Sailors " +
"WHERE Name = 'joe smith'";
No semicolon(;)
Statement stmt = con.createStatement();
ResultSet rs = stmt.executeQuery(queryStr);
• The executeQuery method returns a ResultSet
object representing the query result.
16
executeUpdate
String deleteStr =
“DELETE FROM Sailors " +
"WHERE sid = 15";
No semicolon(;)
Statement stmt = con.createStatement();
int delnum = stmt.executeUpdate(deleteStr);
• executeUpdate returns the number of rows
modified
17
PreparedStatement motivation
• Suppose we would like to run the query
SELECT * FROM Emp
where name=‘moshe’;
• But we would like to run this for all employees
(separately), not only ‘moshe’…
• Could we create a variable instead of ‘moshe’
which would get a different name every time??..
18
PreparedStatement
PreparedStatement prepareStatement(String)
– returns a new PreparedStatement object
19
Prepared Statements
• Prepared Statements are used for queries that
are executed many times with possibly
different contents.
• A PreparedStatement object includes the query
and is prepared for execution (precompiled).
• Question marks can be inserted as variables.
-setString(i, value)
The i-th question
-setInt(i, value)
mark is set to the
given value.
20
PreparedStatement.executeQuery()
String queryStr =
"SELECT * FROM Sailors " +
"WHERE Name = ? and Rating < ?”;
PreparedStatement pstmt =
con.prepareStatement(queryStr);
Value to
insert
pstmt.setString(1, “Joe”);
pstmt.setInt(2, 8);
1st question
mark
ResultSet rs = pstmt.executeQuery();
21
PreparedStatement.executeUpdate()
String deleteStr =
“DELETE FROM Boats " +
"WHERE Name = ? and Color = ?”;
PreparedStatement pstmt =
con.prepareStatement(deleteStr);
pstmt.setString(1, “Fluffy”);
pstmt.setString(2, "red");
int delnum = pstmt.executeUpdate();
22
• Will this work?
PreparedStatement pstmt =
con.prepareStatement(“select * from ?”);
pstmt.setString(1, "Sailors");
No! We may put ? only instead of values
23
Why use preparedStatement?
• In most cases, you can use a regular statement and just
change the string you send to executeQuery each time
• You have to be careful
24
Why use preparedStatement?
• Suppose google worked without PreparedStatements,
they would implement search queries as something like:
Statement s;
s.executeQuery(‘select URL,Title from internet where
content like ‘%”+searchString+”%’”);
• What would happen if a hacker searched for:
bla bla’ UNION select company as URL, CreditCardNumber
AS title from advertisingClients where company like ‘
Example taken from dbi course 25
ResultSet (1)
• A ResultSet is an object which contains the
result of a query - a “table”.
• At most one ResultSet per Statement can be
open at the same time(!!).
• A ResultSet maintains a cursor pointing to its
current row of data.
• The 'next' method moves the cursor to the
next row
• As of JDBC 2.0, scrollable ResultSets are
available, which also include ‘previous’, ’first’,
‘last’, etc..
ResultSet (2)
• resultSet methods work on the
current row.
• The cursor is positioned before
the first row upon creation.
ResultSet (3)
Statement stmt=
con.createStatement();
ResultSet rs =
stmt.executeQuery (
"SELECT * FROM Table1");
while (rs.next()) {
//something…
}
ResultSet methods
• Getting the value in some column (for the
String s =
current row):
– getString(int columnNum);
rs.getString(“column1");
– getString(String columnName);
– getInt(int columnNum);
– getInt(String columnName);
– Etc…
• To check if NULL was returned, you have to
use wasNull() on the ResultSet after getting
the value.
29
Example revisited
Statement stmt = con.createStatement();
ResultSet rs = stmt.executeQuery("SELECT a, b, c FROM
Table1");
// retrieve and print the values for the current row
while (rs.next()) {
int i = rs.getInt("a");
String s = rs.getString("b");
float f = rs.getFloat("c");
System.out.println("ROW = " + i + " " + s + " " + f);
}
30
ResultSetMetaData
An object created by the ResultSet which
holds information about its columns
ResultSetMetaData rsmd = rs.getMetaData();
int numcols = rsmd.getColumnCount();
for (int i = 1 ; i <= numcols; i++) {
if (i > 1) System.out.print(",");
System.out.print(rsmd.getColumnLabel(i));
}
31
Printing Query Output:
Result Set (2)
while (rs.next()) {
for (int i = 1 ; i <= numcols; i++) {
if (i > 1) System.out.print(",");
System.out.print(rs.getString(i));
}
System.out.println("");
}
• getString() is allowed to access all simple JDBC types
32
Cleaning Up After Yourself
• Remember to close the Connections,
Statements, PreparedStatements and
ResultSets
con.close();
stmt.close();
pstmt.close();
rs.close();
33
Dealing With Exceptions
catch (SQLException e) {
//human readable message about the exception
System.out.println(e.getMessage());
//String describing the reason of the exception
System.out.println(e.getSQLState());
//driver-dependent code for the exception
System.out.println(e.getErrorCode());
}
34
Mapping SQL and Java Types
• SQL and Java data types are not identical
• There are significant variations between
the SQL types supported by different
database products
• JDBC defines a set of generic SQL type
identifiers in the class java.sql.Types
• The driver is responsible for mapping
between the DB SQL types and JDBC
SQL types
35
Transactions in JDBC
36
Transactions
• Transaction = 2 or more statements which must
all succeed (or all fail) together
• If one fails, the system must reverse all
previous actions
• Aim: don’t leave DB in inconsistent state halfway
through a transaction
• COMMIT = complete transaction
• ROLLBACK = abort
37
Example
• Suppose we want to transfer money from bank
account 13 to account 72:
PreparedStatement pstmt =
con.prepareStatement(“UPDATE BankAccount
SET amount = amount + ?
WHERE accountId = ?”);
pstmt.setInt(1,-100);
pstmt.setInt(2, 13);
pstmt.executeUpdate();
What happens if this
pstmt.setInt(1, 100);
update fails?
pstmt.setInt(2, 72);
pstmt.executeUpdate();
38
Transaction Management
• The connection has a state called AutoCommit
mode
• if AutoCommit is true, then every statement is
automatically committed
• if AutoCommit is false, then every statement is
added to an ongoing transaction
• Default: true
39
AutoCommit
con.setAutoCommit(boolean val)
• If you set AutoCommit to false, you must
explicitly commit or rollback the transaction
using Connection.commit() and
Connection.rollback()
40
Example
con.setAutoCommit(false);
try {
PreparedStatement pstmt =
con.prepareStatement(“update BankAccount
set amount = amount + ?
where accountId = ?”);
pstmt.setInt(1,-100); pstmt.setInt(2, 13);
pstmt.executeUpdate();
pstmt.setInt(1, 100); pstmt.setInt(2, 72);
pstmt.executeUpdate();
con.commit();
}catch (SQLException e) {
con.rollback();
}
41