70          "where Student.ssn = '" + ssn + "' and Enrollment.courseId "
71          + "= '" + courseId +
72          "' and Enrollment.courseId = Course.courseId " +
73          " and Enrollment.ssn = Student.ssn";
74
75        ResultSet rset = stmt.executeQuery(queryString);
76        // Columns are selected in the order firstName, mi, lastName, title, grade
77        if (rset.next()) {
78          String lastName = rset.getString(3);
79          String mi = rset.getString(2);
80          String firstName = rset.getString(1);
81          String title = rset.getString(4);
82          String grade = rset.getString(5);
83
84          // Display result in a label
85          lblStatus.setText(firstName + " " + mi +
86            " " + lastName + "'s grade on course " + title + " is " +
87            grade);
88        } else {
89          lblStatus.setText("Not found");
90        }
91      }
92      catch (SQLException ex) {
93        ex.printStackTrace();
94      }
95    }
96  }

The initializeDB() method (lines 42-62) loads the MySQL driver (line 45), connects to the MySQL database on host liang.armstrong.edu (lines 50-51) and creates a statement (line 57).

Note

There is a security hole in this program. If you enter 1' or true or '1 in the SSN field, you will get the first student's score, because the query string now becomes

    select firstName, mi, lastName, title, grade
    from Student, Enrollment, Course
    where Student.ssn = '1' or true or '1' and
      Enrollment.courseId = ' ' and
      Enrollment.courseId = Course.courseId and
      Enrollment.ssn = Student.ssn;

You can avoid this problem by using the PreparedStatement interface, which is discussed in the next section.
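
The same lookup written with PreparedStatement, as an added example that is not part of the book's listing. The class name FindGradeSafe and the helpers concatenatedWhere and findGrade are assumptions made for illustration, and the Connection is assumed to be opened the way initializeDB() does it.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added example (hypothetical class and method names, not from the listing).
public class FindGradeSafe {
  // Same query as the listing, with ? placeholders instead of concatenated input.
  static final String QUERY =
      "select firstName, mi, lastName, title, grade "
      + "from Student, Enrollment, Course "
      + "where Student.ssn = ? and Enrollment.courseId = ? "
      + "and Enrollment.courseId = Course.courseId "
      + "and Enrollment.ssn = Student.ssn";

  // How the listing builds its where clause: the input becomes part of the SQL text.
  static String concatenatedWhere(String ssn, String courseId) {
    return "where Student.ssn = '" + ssn
        + "' and Enrollment.courseId = '" + courseId + "'";
  }

  // Returns the status text the listing would display, or "Not found".
  static String findGrade(Connection conn, String ssn, String courseId)
      throws SQLException {
    try (PreparedStatement ps = conn.prepareStatement(QUERY)) {
      ps.setString(1, ssn);       // bound as a value, never parsed as SQL
      ps.setString(2, courseId);
      try (ResultSet rset = ps.executeQuery()) {
        if (!rset.next()) {
          return "Not found";
        }
        // Read columns by label so the select order cannot be mixed up.
        return rset.getString("firstName") + " " + rset.getString("mi") + " "
            + rset.getString("lastName") + "'s grade on course "
            + rset.getString("title") + " is " + rset.getString("grade");
      }
    }
  }

  public static void main(String[] args) {
    String ssn = "1' or true or '1";   // the input from the Note
    // Concatenation: the quote in the input closes the string literal early.
    System.out.println(concatenatedWhere(ssn, ""));
    // Parameterized: the SQL text is fixed before any input is supplied.
    System.out.println(QUERY);
  }
}
```

With the placeholders, the input from the Note is compared against Student.ssn as a single string, so findGrade returns "Not found" unless a student actually has that SSN.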

Check Point

32.14 What are the advantages of developing database applications using Java?
32.15 Describe the following JDBC interfaces: Driver, Connection, Statement, and ResultSet.
32.16 How do you load a JDBC driver? What are the driver classes for MySQL, Access, and Oracle?
32.17 How do you create a database connection? What are the URLs for MySQL, Access, and Oracle?
32.18 How do you create a Statement and execute an SQL statement?
32.19 How do you retrieve values in a ResultSet?
32.20 Does JDBC automatically commit a transaction? How do you set autocommit to false?