JDBC CS 260 Database Systems. Overview  Introduction  JDBC driver types  Eclipse project setup  Programming with JDBC  Prepared statements  SQL.

1 JDBC CS 260 Database Systems

2 Overview
- Introduction
- JDBC driver types
- Eclipse project setup
- Programming with JDBC
- Prepared statements
- SQL injection attacks
- Best practices

3 Introduction
- JDBC (Java Database Connectivity) is a technology that allows Java applications to communicate with a database
  - Manages connections between the application and the database
  - Sends DDL and DML statements to the database
  - Calls stored database programs
- Java applications interact with database-specific drivers
  - e.g. Oracle vs. MySQL


5 JDBC Driver Types
- Type 1: JDBC-ODBC bridge
  - JDBC calls are converted to ODBC function calls
  - ODBC (Open Database Connectivity) is intended to be database and OS independent
  - Useful in situations where a Java application needs to communicate with an existing ODBC driver

6 JDBC Driver Types
- Type 2: Native-API driver
  - JDBC calls are converted to native calls of the database API
  - Useful in situations where an ODBC driver isn't needed and an existing database library API exists

7 JDBC Driver Types
- Type 3: Network-Protocol driver
  - JDBC calls are converted directly or indirectly into the vendor-specific database protocol(s) by a middle-tier application server
  - Useful in situations where such an application server exists
  - Reduces application ties to vendor-specific database systems

8 JDBC Driver Types
- Type 4: Database-Protocol driver
  - JDBC calls are sent directly to a vendor-specific database
  - Useful in situations where the application is tied to a vendor-specific database
  - We'll use this "thin" driver in our applications


10 Eclipse Project Setup
- Download and import the appropriate JDBC driver jar file (Oracle thin client driver available on the web)
- Copy the jar file to your project in the file system
  - Done here in a "lib" directory at the project root
- Import the jar file into your project
  - You may need to "refresh" your project first
- Add the jar to your project's build path
  - Select your project > Project > Properties > Java Build Path > Libraries tab > Add JARs

11 Eclipse Project Setup
- Step 1: jar file manually copied to the project's lib directory
- Step 2: Eclipse project refreshed, making the jar file visible
- Step 3: Project > Properties > Java Build Path > Libraries tab > "Add JARs..." button > jar selection
- Step 4: You should see the jar file here > OK (unseen here)


13 Programming with JDBC
- Steps
  - Import the Java sql package
  - Create a database connection object using...
    - the JDBC driver identifier and database URL
    - database user credentials
  - Create "Statement" objects as needed using...
    - the database connection
    - a string containing the SQL to execute
  - Execute the statement, which may return a "ResultSet"
    - Iterate through the records in the ResultSet, accessing field values one record at a time
  - Close the ResultSet, Statement, and Connection objects

14 Programming with JDBC
- Import the Java sql package
- Create a database connection object

15 Programming with JDBC
- Create a statement object
- Create a resultset object
- Iterate through the records in the resultset, accessing field values one record at a time

16 Programming with JDBC
- Executing a statement object
  - executeQuery(String sql)
    - Useful for executing SELECT statements
    - Returns a ResultSet object
  - executeUpdate(String sql)
    - Useful for executing INSERT, UPDATE, and DELETE statements
    - Returns the number of rows affected
  - execute(String sql)
    - Useful for executing DDL statements
    - Returns a boolean value indicating whether a ResultSet object can be retrieved

17 Programming with JDBC
- Using the ResultSet object
  - next()
    - Advances to the next record in the results (if it exists)
    - Returns a boolean indicating whether or not another record exists in the result set
  - getString(String fieldName)
    - Returns the value of the named field for the current record in the result set, formatted as a String
    - Similar methods exist for other types: getInt(String), getDate(String), getObject(String)
    - These also return and format values from the result set

18 Programming with JDBC
- Close the ResultSet, Statement, and Connection objects
  - Close these objects in a finally block so that they are closed regardless of whether or not an exception occurs
  - Some third-party libraries will do this for you if you use their database connectivity utilities
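The five steps above (connect, create a Statement, execute, iterate the ResultSet, close in a finally block) carried through as one program. This is an added example, not code from the slides; the connection URL, user name, password and the "course" table are placeholders chosen for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class JdbcWalkthrough {

    // Assumed connection details (placeholders, not values from the slides).
    // The Oracle thin driver registers itself when its jar is on the build path.
    private static final String URL = "jdbc:oracle:thin:@//db.example.edu:1521/ORCL";
    private static final String USER = "cs260";
    private static final String PASSWORD = "change-me";

    public static void main(String[] args) {
        Connection conn = null;
        Statement stmt = null;
        ResultSet rs = null;
        try {
            // Step 2: obtain a connection from the driver identified by the URL
            conn = DriverManager.getConnection(URL, USER, PASSWORD);

            // Step 3: a Statement runs static SQL text (no user input is spliced in here)
            stmt = conn.createStatement();

            // DDL: execute() returns false because no ResultSet is produced
            boolean hasResult = stmt.execute(
                "CREATE TABLE course (id NUMBER PRIMARY KEY, title VARCHAR2(64))");
            System.out.println("CREATE produced a ResultSet? " + hasResult);

            // DML: executeUpdate() returns the affected row count
            int inserted = stmt.executeUpdate(
                "INSERT INTO course (id, title) VALUES (260, 'Database Systems')");
            System.out.println("rows inserted: " + inserted);

            // Query: executeQuery() returns a ResultSet positioned before the first row;
            // next() advances it and reports whether a row is there
            rs = stmt.executeQuery("SELECT id, title FROM course ORDER BY id");
            while (rs.next()) {
                int id = rs.getInt("id");
                String title = rs.getString("title");
                System.out.println(id + ": " + title);
            }
        } catch (SQLException e) {
            System.err.println("database error: " + e.getMessage());
        } finally {
            // Step 5: close in reverse order of creation, each close guarded separately
            // so that a failure closing one object does not leave the others open
            closeQuietly(rs);
            closeQuietly(stmt);
            closeQuietly(conn);
        }
    }

    // ResultSet, Statement and Connection all implement AutoCloseable (Java 7+)
    private static void closeQuietly(AutoCloseable resource) {
        if (resource != null) {
            try {
                resource.close();
            } catch (Exception e) {
                System.err.println("close failed: " + e.getMessage());
            }
        }
    }
}
```

The three references are declared before the try so that the finally block can see them; each is null-checked because an exception thrown early (for example a failed connection) leaves the later ones unassigned.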


20 Prepared Statements
- The Statement objects that we've seen thus far execute static SQL commands
- Applications often need to execute dynamic queries based on user input
- The PreparedStatement class allows for dynamic queries whose values may be provided at runtime
  - Prepared statements are compiled using placeholders for parameters
  - These parameters are then filled in using values provided by the user at runtime

21 Prepared Statements
- Why use prepared statements?
  - More efficient than Statement objects that accept an SQL string constructed at runtime
  - Prevents SQL injection attacks when used to execute action queries
    - More on this shortly...
- Approach
  - Create a query string using ? as a placeholder for each parameter value
    - Do not put single quotes around a placeholder, even for string parameters
  - Use set methods to specify parameter values for the ? placeholders

22 Prepared Statements
- Examples
  - Retrieving data
  - Updating data
- Parameter assignment begins with 1 (not 0)
- Call PreparedStatement's executeQuery() method when executing a SELECT statement
- Call PreparedStatement's executeUpdate() method when executing an INSERT, UPDATE, or DELETE statement
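The retrieving and updating examples from this slide, written out as an added example (not the slides' own code). It assumes the same hypothetical "course" table with an id and title column; the caller supplies an open Connection. It uses try-with-resources (Java 7+), which closes the statement and result set in a generated finally block, matching the close-in-finally rule from the earlier slides.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class PreparedStatementExamples {

    // Retrieving data: the ? is bound with setInt; no quotes appear in the SQL text
    public static String findTitle(Connection conn, int courseId) throws SQLException {
        String sql = "SELECT title FROM course WHERE id = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setInt(1, courseId);              // parameter indices start at 1, not 0
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("title") : null;
            }
        }
    }

    // Updating data: a string parameter is bound with setString, again with no
    // quotes in the SQL text; the driver handles quoting and escaping
    public static int renameCourse(Connection conn, int courseId, String newTitle)
            throws SQLException {
        String sql = "UPDATE course SET title = ? WHERE id = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, newTitle);
            ps.setInt(2, courseId);
            return ps.executeUpdate();           // number of rows changed
        }
    }

    // Inserting several rows: the statement is compiled once and re-bound per row,
    // which is where the efficiency gain over a fresh Statement per row comes from
    public static int addCourses(Connection conn, int[] ids, String[] titles)
            throws SQLException {
        String sql = "INSERT INTO course (id, title) VALUES (?, ?)";
        int total = 0;
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            for (int i = 0; i < ids.length; i++) {
                ps.setInt(1, ids[i]);
                ps.setString(2, titles[i]);
                total += ps.executeUpdate();
            }
        }
        return total;
    }
}
```

A title such as O'Brien's Guide can be passed to renameCourse unchanged: the apostrophe is delivered as part of the parameter value, not as part of the SQL, so nothing needs to be escaped by hand.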

23 Prepared Statements
- Type conversions between Oracle data types and Java data types
- The same Oracle/Java data types are compatible using the JDBC getXXX() methods


25 SQL Injection Attacks
- An SQL injection attack is an attack on a database-driven application in which the attacker executes unauthorized SQL commands
- Possible when a query is constructed using user input values
- They can be prevented using input validation
- Example
  - http://leela.cs.uwec.edu:8080/CS268/Examples/JSP/sqlInjection/login.htm

26 SQL Injection Attacks
- Injection types
  - Incorrectly filtered escape characters
  - Incorrect query termination
- Incorrect query termination:
    statement = "SELECT * FROM data WHERE id = " + someId;
  User input (stored in someId): 1;DROP TABLE users
  Rendered as: SELECT * FROM DATA WHERE id=1;DROP TABLE users
- Incorrectly filtered escape characters:
    statement = "SELECT * FROM users WHERE name = '" + userName + "' AND password = '" + userPassword + "'";
  User input (stored in both variables): ' OR 't' = 't
  Rendered as: SELECT * FROM users WHERE name='' OR 't'='t' AND password = '' OR 't'='t'

27 SQL Injection Attacks
- How to prevent SQL injection attacks
  - Prepared statements will prevent these types of SQL injection attacks
    - Other programming languages have "parameterized" statements similar to JDBC's "prepared" statements
  - Filtering
    - Manually parse and remove dangerous characters from user input
    - May be difficult to anticipate all possibilities
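The login query from the previous slide in both forms: the concatenated version the slide shows as vulnerable, and the prepared-statement version the slide recommends. This is an added example, not code from the slides; the "users" table with name and password columns comes from the slide's query, and the caller supplies an open Connection.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class LoginCheck {

    // VULNERABLE (the slide's pattern): user input is spliced into the SQL text, so
    // a quote in the input ends the string literal and the rest becomes SQL.
    public static boolean loginConcatenated(Connection conn, String userName, String userPassword)
            throws SQLException {
        String statement = renderConcatenated(userName, userPassword);
        try (Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery(statement)) {
            return rs.next();
        }
    }

    // HARDENED: the SQL text is fixed when the statement is prepared; userName and
    // userPassword travel as parameter values, so a quote in them is data, never SQL.
    public static boolean loginPrepared(Connection conn, String userName, String userPassword)
            throws SQLException {
        String sql = "SELECT 1 FROM users WHERE name = ? AND password = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, userName);
            ps.setString(2, userPassword);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    // Builds exactly the string the concatenated version sends to the database,
    // so the effect of the slide's input can be inspected without a database.
    public static String renderConcatenated(String userName, String userPassword) {
        return "SELECT * FROM users WHERE name = '" + userName
                + "' AND password = '" + userPassword + "'";
    }

    public static void main(String[] args) {
        String input = "' OR 't' = 't";   // the input from the slide
        System.out.println(renderConcatenated(input, input));
        // Prints: SELECT * FROM users WHERE name = '' OR 't' = 't' AND password = '' OR 't' = 't'
        // With loginPrepared the database receives the fixed SQL plus two parameter
        // values, and a row matches only if a user is literally named ' OR 't' = 't.
    }
}
```

The two methods differ only in how the input reaches the database, which is the whole point of the slide: the prepared version needs no filtering of quote characters because the query structure cannot change at runtime.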


29 Best Practices
- Close JDBC-related objects (connections, statements, result sets, etc.) in a finally block whenever possible
  - This ensures that these objects will be closed whether or not an exception occurs
  - The database limits the number of open connections that a user can have
    - Could max out if left open
- Use prepared statements whenever a query requires parameters
  - Safer and more efficient

30 Best Practices
- Minimize database connections whenever possible
  - These are expensive and can be reused
  - Some 3rd-party libraries can manage database "connection pools" for you
- Decouple your application's business logic and data models from JDBC usage as much as possible
  - Allows your application to use other data sources more easily
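One way to apply both best practices at once, as an added example (not code from the slides): a repository interface hides JDBC from the business logic, and the JDBC implementation borrows connections from a javax.sql.DataSource rather than calling DriverManager directly, so a pooling library can be plugged in without touching the callers. The Course model, the repository names and the "course" table are assumptions made for the example.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import javax.sql.DataSource;

// Business-side model: no JDBC types appear here
final class Course {
    final int id;
    final String title;
    Course(int id, String title) { this.id = id; this.title = title; }
}

// Business logic programs against this interface, not against JDBC,
// so a different data source can be substituted behind it later
interface CourseRepository {
    List<Course> findAll() throws DataAccessException;
}

// SQLException is translated so callers never need to import java.sql
class DataAccessException extends Exception {
    DataAccessException(String message, Throwable cause) { super(message, cause); }
}

// The only class that knows about JDBC. With a pooled DataSource, close() on the
// Connection returns it to the pool instead of tearing it down, which is how the
// "minimize connections" advice is met without changing this code.
class JdbcCourseRepository implements CourseRepository {
    private final DataSource dataSource;

    JdbcCourseRepository(DataSource dataSource) { this.dataSource = dataSource; }

    @Override
    public List<Course> findAll() throws DataAccessException {
        String sql = "SELECT id, title FROM course ORDER BY id";
        List<Course> courses = new ArrayList<>();
        // try-with-resources closes rs, ps and conn in reverse order in a generated
        // finally block, whether or not an exception is thrown
        try (Connection conn = dataSource.getConnection();
             PreparedStatement ps = conn.prepareStatement(sql);
             ResultSet rs = ps.executeQuery()) {
            while (rs.next()) {
                courses.add(new Course(rs.getInt("id"), rs.getString("title")));
            }
            return courses;
        } catch (SQLException e) {
            throw new DataAccessException("could not load courses", e);
        }
    }
}
```

Wiring it up means constructing a JdbcCourseRepository with whatever DataSource the deployment provides (a pool in production, a simple driver-backed source in tests) and handing the CourseRepository to the business code.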

