Java jdbc Project Workshop

Uploaded by

yasah60522
JAVA PROJECT WORKSHOP

(JDBC – Part 3)
Lecture 3
Executing Non Select Queries

• In JDBC, to execute non-select queries we use the method executeUpdate( ) provided by the Statement interface.

• The prototype of the method is:

public int executeUpdate(String sql) throws SQLException

Executing Non Select Queries

• This method takes any non-select SQL command as argument and returns the number of rows affected by that command.

• There are 3 possible cases with the return value:

1. >0 which means that at least one row has been affected
2. =0 which means none of the rows have been affected
3. =-1 which means that the query is DDL (but this case is driver dependent)

Inserting New Record

• So to insert a new record using the executeUpdate( ) method, our code will be:
• Example:

// conn is an open java.sql.Connection
Statement st=conn.createStatement();
String qry="Insert into employees values(100, 'Vishal',4500)";
int res=st.executeUpdate(qry); // number of rows inserted
System.out.println("Record inserted:"+res);

Removing A Record

• Similarly, to remove the record of the employee with name Amit from the employees table, the code will be:
• Example:

Statement st=conn.createStatement();
String qry="Delete from employees where ename='Amit'";
int res=st.executeUpdate(qry); // number of rows deleted
System.out.println("Record deleted:"+res);

Updating A Record

• Just like insert and delete, we can also execute the update command using the method executeUpdate( ).
• So for updating the sal of the employee with empno 101 by increasing it by 1000 rupees in the employees table, the code will be:
• Example:

Statement st=conn.createStatement();
String qry="Update employees set sal=sal+1000 where empno=101";
int res=st.executeUpdate(qry); // number of rows updated
System.out.println("Record updated:"+res);

Dynamic SQL

• The term dynamic SQL means an SQL query which contains dynamic values, i.e., the values are supplied at run time.

• For example, we want to insert records in the database by accepting values from the user.

Dynamic SQL

• To solve this problem we have 2 options:

• 1. Use a Statement object and create a dynamic SQL query by using STRING CONCATENATION

• 2. Use PreparedStatement

Using String Concatenation

• String qry = "insert into employees values(" + id + ",'" + ename + "'," + income + ")";

• The query above has been designed assuming that we have a table called employees containing three columns for empno, ename and sal.

• The variables id, ename and income are Java variables holding user input.

Drawbacks Of String Concatenation

• It is very difficult to write as we have to manually insert single quotes

• It is the programmer's responsibility to handle date conversions

• It is prone to a very famous SQL attack called SQL INJECTION, because the user's input becomes part of the SQL text that the database parses

PreparedStatement

• The PreparedStatement interface extends the Statement interface, which gives us added functionality with a couple of advantages over a generic Statement object.

• This statement gives us the flexibility of supplying arguments dynamically.

PreparedStatement

• A PreparedStatement object is created using prepareStatement( ) in the Connection interface.

PreparedStatement pst = null;
String SQL = "Insert into employees values(? ,? ,?)";
pst = conn.prepareStatement(SQL);

• All parameters in JDBC are represented by the ? symbol, which is known as the placeholder.

• We must supply values for every placeholder before executing the SQL statement.

setXXX( ) methods

• The setXXX( ) methods bind values to the parameters, where XXX represents the Java data type of the value you wish to bind to the input parameter. If you forget to supply the values, you will receive a SQLException.

• The setXXX( ) method takes two arguments, representing the position of the placeholder (?) and the value to replace it with, respectively.

• Each placeholder is referred to by its ordinal position.

• The first placeholder represents position 1, the next position 2, and so forth.

pst.setInt(1, 101);
pst.setString(2,"Ravi");
pst.setDouble(3,500.0);
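The two options from the Dynamic SQL slides side by side, as an added example that is not part of the original slides. The class name EmployeeInsertDemo, the methods concatQuery and insertEmployee, the sample name and the JDBC URL argument are assumptions made for illustration; the table and column names follow the slides.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

// Hypothetical demo class (not from the slides).
public class EmployeeInsertDemo {

    // Option 1 from the slides: user input is concatenated into the SQL text.
    static String concatQuery(int id, String ename, double income) {
        return "insert into employees values(" + id + ",'" + ename + "'," + income + ")";
    }

    // Option 2 from the slides: the SQL text is fixed and values are bound separately.
    static int insertEmployee(Connection conn, int id, String ename, double income)
            throws SQLException {
        String sql = "insert into employees (empno, ename, sal) values (?, ?, ?)";
        try (PreparedStatement pst = conn.prepareStatement(sql)) {
            pst.setInt(1, id);
            pst.setString(2, ename);    // a quote inside ename stays data, never SQL syntax
            pst.setDouble(3, income);
            return pst.executeUpdate(); // number of rows affected
        }
    }

    public static void main(String[] args) throws SQLException {
        String ename = "O'Brien"; // constructed sample input containing a single quote

        // With concatenation, the quote in the name closes the string literal early,
        // so the database would parse the rest of the name as SQL instead of as data.
        System.out.println(concatQuery(102, ename, 5200.0));

        // Assumption: args[0] is a JDBC URL for a database that already has the
        // employees(empno, ename, sal) table and whose driver is on the classpath.
        if (args.length == 1) {
            try (Connection conn = DriverManager.getConnection(args[0])) {
                int rows = insertEmployee(conn, 102, ename, 5200.0);
                System.out.println("Record inserted:" + rows);
            }
        }
    }
}
```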
Statement V/s PreparedStatement

| Statement | PreparedStatement |
| --- | --- |
| It is used to execute normal SQL queries. | It is used to execute parameterized or dynamic SQL queries. |
| It is preferred when a particular SQL query is to be executed only once. | It is preferred when a particular query is to be executed multiple times. |
| You cannot pass the parameters to SQL query using this interface. | You can pass the parameters to SQL query at run time using this interface. |
| This interface is mainly used for DDL statements like CREATE, ALTER, DROP etc. | It is used for any kind of SQL queries which are to be executed multiple times. |
| The performance of this interface is very low. | The performance of this interface is better than the Statement interface (when used for multiple execution of same query). |