feat(jdbc-sqlite): add interactive query execution with user input in Statements.java

What
- Added `Statements.java` under Section28JDBCusingSQLite package.
- Demonstrates executing parameterized SELECT queries using `PreparedStatement`.
- Integrated `Scanner` to allow dynamic `deptno` input from the user.
- Prints student records in a formatted structure or informs when no records are found.

Why
- Highlights secure and flexible query execution by combining JDBC with user input.
- Avoids SQL injection by binding parameters via `PreparedStatement` instead of string concatenation.
- Improves user experience with real-time query input/output.
- Shows practical usage of `ResultSet.isBeforeFirst()` to detect empty results.

How
- Setup:
  - Loaded SQLite JDBC driver with `Class.forName("org.sqlite.JDBC")`.
  - Established connection to `univ.db` SQLite database.
- Execution:
  - Prepared query: `select * FROM students where deptno=?`.
  - Prompted user for a department number (`deptno`) via `Scanner`.
  - Bound parameter dynamically using `pstm.setInt(1, dno)`.
  - Executed query with `executeQuery()`.
- Output:
  - Checked if any records exist with `rs.isBeforeFirst()`.
  - Iterated through `ResultSet`, printing student details (roll, name, city, deptno).
  - Displayed "record not found" if no matching rows exist.
- Cleanup:
  - Closed `PreparedStatement` and connection to release resources.

Key Notes
- `PreparedStatement` ensures safer, cleaner, and reusable SQL queries.
- `isBeforeFirst()` is useful for detecting empty results without iterating.
- Scanner allows runtime interaction with the database, simulating real-world applications.
- Example output format:
  `101 | Alice | Delhi | 10 |`

Real-life Applications
- University management systems: fetch students by department dynamically.
- Employee systems: filter employees by department, branch, or role.
- Banking apps: query transactions by account/branch ID.
- Interactive console-based reporting tools for admins.

Future Improvements
- Add error handling for invalid input (e.g., non-numeric deptno).
- Implement try-with-resources for automatic cleanup of JDBC objects.
- Enhance output formatting into tabular form for readability.
- Extend functionality to allow updates, inserts, and deletes via user input.

Signed-off-by: https://github.com/Someshdiwan <[email protected]>

Author: Someshdiwan

Section28JDBCusingSQLite/JAVA SQL Interfaces/Prepared Statements/src/Statements.java

@@ -1,34 +1,17 @@
-//it is an interface.
-//We don't create the obj we create the obj of the
-//statement using connection. we handle it using references.
-//        Statement = createstatement(); //obj of statement we are creating here.
-
-//        stm.executeQuery(select * from students);
-//        stm.executeuppdate("DML: ");
-
-//Three types of statements:
-
-//Statement
-//PreparedStatement:
-//How to create prep statement();
-//Prep statement execute multiple times by changing thr parameter.
-
-
-//Callable statement: used fot invoking a stored procedures.
-//In some databases they support some program along with a database.
-
-
 import java.sql.*;
 import java.util.Scanner;
 
 public class Statements {
     public static void main(String[] args)throws Exception {
         Class.forName("org.sqlite.JDBC");
-        //Invoke drivers
+        //Invoke drivers.
 
         //Connection is Establish.
-        Connection con = DriverManager.getConnection("jdbc:sqlite:C:/sqlite/univ.db");
-        System.out.println("✅ Connection Established!");
+        // Connection is Established.
+        Connection con = DriverManager.getConnection(
+                "jdbc:sqlite:/Users/somesh/Java SE/JavaEvolution-Learning-Growing-Mastering/Section28JDBCusingSQLite/univ.db"
+        );
+        System.out.println("Connection Established!");
 
         PreparedStatement pstm = con.prepareStatement("select * FROM students where deptno=?");
 
@@ -53,16 +36,82 @@ public static void main(String[] args)throws Exception {
             }
         }
 
-//       / 7. Check if any records were found
-//        boolean recordFound = false;
+        /* 7. Check if any records were found */
+        boolean recordFound = false;
 
-//        // 8. If no records were found, print a message
-//        if (!recordFound) {
-//            System.out.println("❌ No records found for deptno = " + dno);
-//        }
+        // 8. If no records were found, print a message
+        /*
+        if (!recordFound) {
+            System.out.println("❌ No records found for deptno = " + dno);
+        }
+        */
 
         pstm.close(); //close the statement.
         pstm.close(); //Connection close.
-        System.out.println("✅ Connection Closed.");
+        System.out.println("Connection Closed.");
     }
-}
+}
+
+/*
+It is an interface.
+We don't create the object directly, we create the object of the Statement using Connection. We handle it using references.
+
+Statement stm = con.createStatement();  // obj of statement we are creating here.
+
+stm.executeQuery("select * from students");
+stm.executeUpdate("DML: ");
+
+Three types of Statements:
+1. Statement
+   - Normal queries run karne ke liye.
+
+2. PreparedStatement
+   - How to create: con.prepareStatement();
+   - PreparedStatement execute multiple times by changing the parameter.
+
+3. CallableStatement
+   - Used for invoking a stored procedure.
+   - In some databases, they support some programs along with a database.
+*/
+
+/*
+1. JDBC Driver Load:
+   - `Class.forName("org.sqlite.JDBC");`
+   - Isse SQLite JDBC driver memory me load ho jaata hai.
+   ✔ Without driver, Java ko DB samajh hi nahi aayega.
+
+2. Connection Establishes:
+   - `DriverManager.getConnection("jdbc:sqlite:...univ.db")`
+   - SQLite database `univ.db` ke saath connection establish ho jaata hai.
+   ✔ Ye bridge hai Java program aur DB ke beech.
+
+3. PreparedStatement:
+   - `PreparedStatement pstm = con.prepareStatement("select * FROM students where deptno=?");`
+   - Yaha query pre-compiled hoti hai aur hum `?` ke jagah runtime par values inject karte hain.
+   ✔ SQL injection avoid karne ke liye safe hai.
+
+4. Input from User:
+   - Scanner se dept number input liya jaata hai (`dno`).
+   - `pstm.setInt(1, dno);` → query me pehle `?` ke jagah deptno daal diya.
+
+5. Execute Query:
+   - `ResultSet rs = pstm.executeQuery();`
+   - Database se matching rows return hoti hain.
+
+6. ResultSet Handling:
+   - `isBeforeFirst()` → check karta hai ki ResultSet empty hai ya nahi.
+   - Agar records mile → loop me har row ke `roll`, `name`, `city`, `deptno` print ho jaate hain.
+
+7. Closing:
+   - `pstm.close();`
+   - `con.close();` (tumhare code me galti se `pstm.close()` do baar likha hai – ek baar `con.close()` hona chahiye).
+   ✔ Always close resources to free DB locks and memory.
+
+✔ Program SQLite database ke `students` table se records fetch karta hai.
+✔ User se deptno input leta hai aur sirf us deptno wale students ko print karta hai.
+✔ PreparedStatement safe hai (SQL injection nahi hoga).
+✔ Properly connection close karke resources release kiye jaate hain.
+
+Ye ek search utility hai. Tum department number enter karte ho, aur program database ke students table me se us
+department ke sabhi students ki details print kar deta hai (roll, name, city, deptno).
+*/