JDBC (@PostgreSQL).

Slides:



Advertisements
Similar presentations
Basic JDBC Celsina Bignoli What is JDBC Industry standard for database- connectivity between the Java language and a wide range of.
Advertisements

Database programming in Java An introduction to Java Database Connectivity (JDBC)
Distributed Application Development B. Ramamurthy.
JDBC CS-328. JDBC Java API for accessing RDBMS Allows use of SQL for RDBMS programming Can be used for: –embedded SQL –execution of stored queries.
1 JDBC Java Database Connectivity. 2 c.pdf
1 JDBC: Java Database Connectivity. 2 Introduction to JDBC JDBC is used for accessing databases from Java applications Information is transferred from.
מסדי נתונים תשס " ג 1 JDBC Java Database Connectivity קורס מסדי נתונים.
1 JDBC – Java Database Connectivity. 2 Introduction to JDBC JDBC is used for accessing databases from Java applications Information is transferred from.
1 Sub-queries and Views. 2 A Complex Query We would like to create a table containing 3 columns: –Sailor id –Sailor age –Age of the oldest Sailor How.
1 JDBC – Java Database Connectivity Representation and Management of Data on the Internet.
1 Triggers. 2 PL/SQL reminder We presented PL/SQL- a Procedural extension to the SQL language. We reviewed the structure of an anonymous PL/SQL block:
1 JDBC "Java Database Connectivity". 2 Getting Started Guide: etstart/GettingStartedTOC.fm.html java.sql.
JDBC DBI 2008 HUJI-CS 2 Java Database Connectivity JDBC (Java Database Connectiveity) is an API (Application Programming Interface), –That.
Managing Concurrency in Web Applications. DBI 2007 HUJI-CS 2 Intersection of Concurrent Accesses A fundamental property of Web sites: Concurrent accesses.
UFCE4Y UFCE4Y-20-3 Components and Services Julia Dawson.
Java MS Access database connectivity Follow these steps: 1)Go to the start->Control Panel->Administrative Tools- > data sources. 2)Click Add button and.
Advance Computer Programming Java Database Connectivity (JDBC) – In order to connect a Java application to a database, you need to use a JDBC driver. –
CS178 Database Management “JDBC”. What is JDBC ? JDBC stands for “Java DataBase Connectivity” The standard interface for communication between a Java.
Java Database Connectivity (JDBC) Introduction to JDBC JDBC is a simple API for connecting from Java applications to multiple databases. Lets you smoothly.
1 JDBC – Java Database Connectivity Modified slides from Dr. Yehoshua Sagiv.
JDBC Tutorial MIE456 - Information Systems Infrastructure II Vinod Muthusamy November 4, 2004.
JDBC (Java Database Connectivity) SNU OOPSLA Lab. October 2005.
VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wananga o te Upoko o te Ika a Maui COMP 302 Database Systems Java Data Base Connectivity Lecturer Dr Pavle Mogin.
JDBC Java and Databases, including Postgress. JDBC l Developed by Industry leaders l Three main goals: –JDBC should be an SQL-level API –JDBC should capitalize.
1cs Intersection of Concurrent Accesses A fundamental property of Web sites: Concurrent accesses by multiple users Concurrent accesses intersect.
JDBC. JDBC stands for Java Data Base Connectivity. JDBC is different from ODBC in that – JDBC is written in Java (hence is platform independent, object.
1 JDBC – Java Database Connectivity. 2 Introduction to JDBC JDBC is used for accessing databases from Java applications Information is transferred from.
1 JDBC Aum Amriteshwaryai Namah. 2 2 JDBC – Java DataBase Connectivity.
JDBC. Preliminaries Database Database Collection of data Collection of data DBMS DBMS Database management system Database management system Stores and.
Chapter 8 Databases.
WEB/DB1 DATABASE PROGRAMMING 3JDBC by the ASU Scholars.
JDBC – Java Database Concentricity
Copyright  Oracle Corporation, All rights reserved. 6 Accessing a Database Using the JDBC API.
Java Database Connectivity (JDBC). Topics 1. The Vendor Variation Problem 2. SQL and Versions of JDBC 3. Creating an ODBC Data Source 4. Simple Database.
Java Database Connectivity. Java and the database Database is used to store data. It is also known as persistent storage as the data is stored and can.
JDBC Database Programming in Java Prepared by., Mrs.S.Amudha AP/SWE.
JDBC. Java.sql.package The java.sql package contains various interfaces and classes used by the JDBC API. This collection of interfaces and classes enable.
Li Tak Sing COMPS311F. Database programming JDBC (Java Database Connectivity) Java version of ODBC (Open Database Connectivity) ODBC provides a standard.
Database Access Using JDBC BCIS 3680 Enterprise Programming.
Access Databases from Java Programs via JDBC Tessema M. Mengistu Department of Computer Science Southern Illinois University Carbondale
JDBC Part II CS 124. More about JDBC Types Statement versus PreparedStatement Timeout NULL values Meta-data close() methods Exceptions Transactions JDBC.
JDBC (Java Database Connectivity)
CS122B: Projects in Databases and Web Applications Winter 2016
1 JDBC: Java Database Connectivity. 2 Introduction to JDBC JDBC is used for accessing databases from Java applications Information is transferred from.
1 JDBC – Java Database Connectivity CS , Spring 2010.
Intro to JDBC Joseph Sant Applied Computing and Engineering Sciences Sheridan ITAL.
CS422 Principles of Database Systems JDBC and Embedded SQL Chengyu Sun California State University, Los Angeles.
Java and database. 3 Relational Databases A relational Database consists of a set of simple rectangular tables or relations The column headings are.
JDBC. What is JDBC JDBC is an acronym for –Java Data Base Connectivity. It allows java program to connect to any database.
JDBC.
JDBC 2 Getting Started Guide: etstart/GettingStartedTOC.fm.html java.sql Package API:
1 JDBC – Java Database Connectivity THETOPPERSWAY.COM.
CS320 Web and Internet Programming Database Access with JDBC Chengyu Sun California State University, Los Angeles.
Java Database Connectivity: JDBC
CS3220 Web and Internet Programming Database Access with JDBC
Managing Concurrency in Web Applications
JDBC – Java Database Connectivity
CS320 Web and Internet Programming Database Access with JDBC
How to connect natively?
JDBC – Java Database Connectivity
JDBC – Java Database Connectivity
HW#4 Making Simple BBS Using JDBC
Prof: Dr. Shu-Ching Chen TA: Sheng Guan
Design and Implementation of Software for the Web
Interacting with Database
JDBC – Java Database Connectivity
Bolat Azamat, Kim Dongmin
JDBC Example.
CS3220 Web and Internet Programming Database Access with JDBC
CS3220 Web and Internet Programming Database Access with JDBC
Presentation transcript:

JDBC (@PostgreSQL)

Useful JDBC Links Getting Started Guide: java.sql Package API: http://java.sun.com/j2se/1.5.0/docs/guide/jdbc/getstart/GettingStartedTOC.fm.html java.sql Package API: http://java.sun.com/j2se/1.5.0/docs/api/java/sql/package-summary.html

Why Access a Database from within a Program? Some queries can’t be computed in SQL. Why not keep all the data in Java objects? “Separation of concerns”: DBMS-s good on data storage and access; programs concentrate on algorithms, networking, etc.

Java Database Connectivity JDBC (Java Database Connectiveity) is an API (Application Programming Interface), That is, a collection of classes and interfaces JDBC is used for accessing databases from Java applications Information is transferred from relations to objects and vice-versa databases optimized for searching/indexing objects optimized for engineering/flexibility

Hello World Example import java.sql.*; public class HelloWorld { public static void main(String[] str) throws Exception { Class.forName("org.postgresql.Driver"); Connection con = DriverManager.getConnection("jdbc:postgresql://pgserver/public?use r=me"); Statement stmt = con.createStatement(); ResultSet rs = stmt.executeQuery("select 'hello world'"); while(rs.next()) { System.out.println(rs.getString(1)); } stmt.close(); rs.close(); con.close();

Packages to Import In order to connect to a database from java, import the following packages: java.sql.*; (usually enough) javax.sql.* (for advanced features, such as scrollable result sets)

access You will need to add an appropriate jar file to your classpath. The jar file for the Postgres driver is available at: /usr/share/java/postgresql.jar

Hello World Example import java.sql.*; public class HelloWorld { public static void main(String[] str) throws Exception { Class.forName("org.postgresql.Driver"); Connection con = DriverManager.getConnection("jdbc:postgresql://pgserver/public?us er=me"); Statement stmt = con.createStatement(); ResultSet rs = stmt.executeQuery("select 'hello world'"); while(rs.next()) { System.out.println(rs.getString(1)); } stmt.close(); rs.close(); con.close();

JDBC Architecture Network These are Java classes Oracle Driver Oracle Java Application DB2 Driver JDBC DB2 We will use this one… Postgres Driver Postgres

JDBC Architecture (cont.) Application JDBC Driver Java code calls JDBC library JDBC loads a driver The driver talks to a particular database An application can work with several databases by using all corresponding drivers Ideal: change database engines w/o changing any application code (not always in practice)

Seven Steps Load the driver Define the connection URL Establish the connection Create a Statement object Execute a query using the Statement Process the result Close the connection

Registering the Driver To use a specific driver, instantiate and register it within the driver manager: Driver driver = new org.postgresql.Driver(); DriverManager.registerDriver(driver);

A Modular Alternative Class.forName("org.postgresql.Driver"); We can register the driver indirectly using Class.forName loads the given class dynamically When the driver is loaded, it automatically creates an instance of itself registers this instance within DriverManager Hence, the driver class can be given as an argument of the application Class.forName("org.postgresql.Driver");

An Example // A driver for imaginary1 Class.forName("ORG.img.imgSQL1.imaginary1Driver"); // A driver for imaginary2 Driver driver = new ORG.img.imgSQL2.imaginary2Driver(); DriverManager.registerDriver(driver); //A driver for PostgreSQL Class.forName("org.postgresql.Driver");     imaginary1 Postgres imaginary2 Registered Drivers

Connecting to the Database Every database is identified by a URL Given a URL, DriverManager looks for the driver that can talk to the corresponding database DriverManager tries all registered drivers, until a suitable one is found How is this done?

Connecting to the Database Connection con =  DriverManager.getConnection("jdbc:imaginaryDB1"); acceptsURL("jdbc:imaginaryDB1")? a r r imaginary1 Postgres imaginary2 Registered Drivers

The URLs in HUJI-CS In CS, the URL has the following structure: jdbc:postgresql://pgserver/public?user=?? Your login The machine running PostgrSQL You can only access your own account!

Hello World Example import java.sql.*; public class HelloWorld { public static void main(String[] str) throws Exception { Class.forName("org.postgresql.Driver"); Connection con = DriverManager.getConnection("jdbc:postgresql://pgserver/public?us er=me"); Statement stmt = con.createStatement(); ResultSet rs = stmt.executeQuery("select 'hello world'"); while(rs.next()) { System.out.println(rs.getString(1)); } stmt.close(); rs.close(); con.close();

Hello World Example import java.sql.*; public class HelloWorld { public static void main(String[] str) throws Exception { Class.forName("org.postgresql.Driver"); Connection con = DriverManager.getConnection("jdbc:postgresql://pgserver/public?use r=me"); Statement stmt = con.createStatement(); ResultSet rs = stmt.executeQuery("select 'hello world'"); while(rs.next()) { System.out.println(rs.getString(1)); } stmt.close(); rs.close(); con.close();

Interaction with the Database We use Statement objects in order to Query the db Update the db (insert, update, create, drop, …) Three different interfaces are used: Statement, PreparedStatement, CallableStatement All are interfaces, hence cannot be instantiated They are created by the Connection

Querying with Statement String queryStr = "SELECT * FROM Member " + "WHERE Lower(Name) = 'harry potter'"; Statement stmt = con.createStatement(); ResultSet rs = stmt.executeQuery(queryStr); executeQuery returns a ResultSet object representing the query result (discussed later…)

Changing DB with Statement String deleteStr = "DELETE FROM Member " + "WHERE Lower(Name) = 'harry potter'"; Statement stmt = con.createStatement(); int delnum = stmt.executeUpdate(deleteStr); executeUpdate is for data manipulation: insert, delete, update, create table, etc. Anything other than querying! executeUpdate returns the number of rows modified (or 0 for DDL commands)

About Prepared Statements Prepared statements are used for queries that are executed many times Parsed (compiled) by the DBMS only once Values of some columns are set after compilation Instead of values, use ‘?’ and setType methods Hence, prepared statements can be thought of as statements that contain placeholders to be substituted later with actual values

Querying with PreparedStatement String q = "SELECT * FROM Items " + "WHERE Name = ? and Cost < ?"; PreparedStatement pstmt=con.prepareStatement(q); pstmt.setString(1, "t-shirt"); pstmt.setInt(2, 1000); ResultSet rs = pstmt.executeQuery();

Updating with PreparedStatement String dq = "DELETE FROM Items " + "WHERE Name = ? and Cost > ?"; PreparedStatement pstmt = con.prepareStatement(dq); pstmt.setString(1, "t-shirt"); pstmt.setInt(2, 1000); int delnum = pstmt.executeUpdate();

Statement vs. PreparedStatement: Be Careful! Are these the same? What do they do? String val = "abc"; PreparedStatement pstmt = con.prepareStatement("select * from R where A=?"); pstmt.setString(1, val); ResultSet rs = pstmt.executeQuery(); String val = "abc"; Statement stmt = con.createStatement( ); ResultSet rs = stmt.executeQuery("select * from R where A=" + val);

What can be Assigned to “?” Will this work? No!!! “?” can only represent a column value (to enable pre-compilation) PreparedStatement pstmt = con.prepareStatement("select * from ?"); pstmt.setString(1, myFavoriteTableString);

PreparedStatement and Security Suppose Google was implemented in JDBC without a PreparedStatement. The main DB query might have been implemented like this: Statement s; s.executeQuery("SELECT URL,Title from Internet " + "WHERE Content LIKE ‘%" + searchString + "%’"); What would happen if a hacker searched for: aaaaa’ UNION SELECT Company AS URL, CreditCardNum AS Title FROM AdvertisingClients WHERE Company LIKE ‘

PreparedStatement and Security We would get: Statement s; s.executeQuery( "SELECT URL,Title from Internet WHERE Content LIKE ‘%aaaaa’ UNION SELECT Company AS URL, CreditCardNum AS Title FROM AdvertisingClients WHERE Company LIKE ‘%’ ”) This technique is known as SQL Injection and is the main reason for using PreparedStatements

Some Famous SQL-Injections 2009, the United States Justice Department charged an American citizen Albert Gonzalez and two unnamed Russians with the theft of 130 million credit card numbers using an SQL injection attack  2010 the British Royal Navy website was compromised by TinKode using SQL injection.  2011, mysql.com, the official homepage for MySQL, was compromised by TinKode using SQL blind injection 2011, "hacktivists" of the group Lulzsec were accused of using SQLI to steal coupons, download keys, and passwords that were stored in plaintext on Sony's website, accessing the personal information of a million users

Timeout Use setQueryTimeOut(int seconds) of Statement to set a timeout for the driver to wait for a query to be completed If the operation is not completed in the given time, an SQLException is thrown What is it good for?

Hello World Example import java.sql.*; public class HelloWorld { public static void main(String[] str) throws Exception { Class.forName("org.postgresql.Driver"); Connection con = DriverManager.getConnection("jdbc:postgresql://pgserver/public?use r=me"); Statement stmt = con.createStatement(); ResultSet rs = stmt.executeQuery("select 'hello world'"); while(rs.next()) { System.out.println(rs.getString(1)); } stmt.close(); rs.close(); con.close();

ResultSet ResultSet objects provide access to the tables generated as results of executing Statement queries Only one ResultSet per Statement or PreparedStatement can be open at a given time! The table rows are retrieved in sequence A ResultSet maintains a cursor pointing to its current row next() moves the cursor to the next row

ResultSet Methods boolean next() void close() Activates the next row First call to next() activates the first row Returns false if there are no more rows Not all of the next calls actually involve the DB void close() Disposes of the ResultSet Allows to re-use the Statement that created it Automatically called by most Statement methods

ResultSet Methods (cont’d) Type getType(int columnIndex) Returns the given field as the given type Indices start at 1 and not 0! Add the column name as a comment if it is known! Type getType(String columnName) Same, but uses name of field Less efficient (but may not be your bottleneck anyway) Examples: getString(5), getInt(“salary”), getTime(…), getBoolean(…), ... int findColumn(String columnName) Looks up column index given column name

ResultSet Example Statement stmt = con.createStatement(); ResultSet rs = stmt. executeQuery("select name,age from Employees");     // Print the result while(rs.next()) {   System.out.print(rs.getString(1) + ":");   System.out.println(rs.getShort("age")); }

Mapping Java Types to SQL Types CHAR, VARCHAR, LONGVARCHAR String NUMERIC, DECIMAL java.math.BigDecimal BIT boolean TINYINT byte SMALLINT short INTEGER int BIGINT long REAL float FLOAT, DOUBLE double BINARY, VARBINARY, BYTEA byte[] DATE java.sql.Date TIME java.sql.Time TIMESTAMP java.sql.Timestamp

Null Values In SQL, NULL means the field is empty Not the same as 0 or “”! In JDBC, you must explicitly ask if the last-read field was null ResultSet.wasNull(column) For example, getInt(column) will return 0 if the value is either 0 or NULL!

Null Values When inserting null values into placeholders of a PreparedStatement: Use setNull(index, Types.sqlType) for primitive types (e.g. INTEGER, REAL); For object types (e.g. STRING, DATE) you may also use setType(index, null)

An example: Write the columns of the result set Result-Set Meta-Data A ResultSetMetaData is an object that can be used to get information about the properties of the columns in a ResultSet object An example: Write the columns of the result set ResultSetMetaData rsmd = rs.getMetaData(); int numcols = rsmd.getColumnCount(); for (int i = 1 ; i <= numcols; i++) System.out.print(rsmd.getColumnLabel(i)+" ");

Database Time java.sql.Date java.sql.Time java.sql.Timestamp Java defines three classes to help process time java.sql.Date year, month, day java.sql.Time hours, minutes, seconds java.sql.Timestamp year, month, day, hours, minutes, seconds, nanoseconds Usually use this one

Hello World Example import java.sql.*; public class HelloWorld { public static void main(String[] str) throws Exception { Class.forName("org.postgresql.Driver"); Connection con = DriverManager.getConnection("jdbc:postgresql://pgserver/public?use r=me"); Statement stmt = con.createStatement(); ResultSet rs = stmt.executeQuery("select 'hello world'"); while(rs.next()) { System.out.println(rs.getString(1)); } stmt.close(); rs.close(); con.close();

Cleaning Up After Yourself Remember: close Connections, Statements, Prepared Statements and Result Sets con.close(); stmt.close(); pstmt.close(); rs.close()

Dealing With Exceptions An SQLException is actually a list of exceptions catch (SQLException e) { while (e != null) { System.out.println(e.getSQLState()); System.out.println(e.getMessage()); System.out.println(e.getErrorCode()); e = e.getNextException(); }}

Transaction Management

Transactions and JDBC Transaction: more than one statement that must all succeed (or all fail) together e.g., updating several tables due to customer purchase Failure− System must reverse all previous actions Also can’t leave DB in inconsistent state halfway through a transaction COMMIT = complete transaction ROLLBACK = cancel all actions

What happens if this update fails? An Example Suppose that we want to transfer money from bank account 13 to account 72: PreparedStatement pstmt = con.prepareStatement("update BankAccount set amount = amount + ? where accountId = ?"); pstmt.setInt(1,-100); pstmt.setInt(2, 13); pstmt.executeUpdate(); pstmt.setInt(1, 100); pstmt.setInt(2, 72); What happens if this update fails?

Transaction Lifetime Transactions are not opened and closed explicitly A transaction starts on 1st (successful) command After a connection is established After the previous transaction ends A transaction ends when COMMIT or ROLLBACK are applied Either explicitly or implicitly (see next 4 slides)

Committing a Transaction How do we commit? Explicitly invoking Connection.commit() Implicitly After every query execution, if AutoCommit is true When the user normally disconnects (i.e., appropriately closes the connection) In some DBs: After invoking a DDL command (CREATE, DROP, RENAME, ALTER, …)

Automatic Commitment A Connection object has a boolean AutoCommit If AutoCommit is true (default), then every statement is automatically committed If AutoCommit is false, then each statement is added to an ongoing transaction Change using setAutoCommit(boolean) If AutoCommit is false, need to explicitly commit or rollback the transaction using Connection.commit() and Connection.rollback()

Rolling Back Rolling Back: Undoing any change to data within the current transaction The ROLLBACK command explicitly rolls back (and ends) the current transaction ROLLBACK is implicitly applied when the user abnormally disconnects (i.e., without appropriately closing the connection)

Fixed Example con.setAutoCommit(false); try { PreparedStatement pstmt = con.prepareStatement("update BankAccount set amount = amount + ? where accountId = ?"); pstmt.setInt(1,-100); pstmt.setInt(2, 13); pstmt.executeUpdate(); pstmt.setInt(1, 100); pstmt.setInt(2, 72); pstmt.executeUpdate(); con.commit(); catch (SQLException e) { con.rollback(); …; }

Be Careful Suppose we have private functions deposit and withdraw (doing the expected) Would the following function do what we want? public void transfer (int value, int acc1, int acc2) try { deposit(value, acc1); withdraw(value, acc2); con.commit(); } catch (SQLException e) { con.rollback(); …; }

Transaction Isolation There is still a lot more to discuss about transactions: How do different transactions interact? Does a running transaction see uncommitted changes? Does it see committed changes? Details later in the course…