Commit 96a5497
feat(jdbc-sqlite): demonstrate secure querying with Prepared Statements
What
- Introduced `Prepared Statements` example under Section28JDBCusingSQLite.
- Showcases how to execute parameterized SQL queries using `PreparedStatement`.
- Demonstrates binding input values dynamically (e.g., deptno).
- Prints student records matching the query or notifies when no data is found.

Why
- Prevents SQL injection by avoiding direct string concatenation in queries.
- Provides reusability: same SQL template can be executed with different parameters.
- Improves performance as the query is compiled once and reused by the database engine.
- Enhances clarity and safety compared to plain `Statement`.

How
- Loaded SQLite JDBC driver (`Class.forName("org.sqlite.JDBC")`).
- Established connection to `univ.db` database via `DriverManager`.
- Prepared a query template: `SELECT * FROM students WHERE deptno = ?`.
- Bound parameter using `pstm.setInt(1, dno)`.
- Executed query with `executeQuery()` and iterated through `ResultSet`.
- Printed student details (roll, name, city, deptno) in structured format.
- Closed JDBC resources (`PreparedStatement`, `Connection`) after execution.

Key Notes
- `?` placeholders allow flexible runtime parameter substitution.
- Use `setInt`, `setString`, etc. depending on parameter type.
- Safer than concatenating user input into raw SQL strings.
- `PreparedStatement` improves both performance and security.

Real-life Applications
- Login systems: verify username/password securely.
- E-commerce: filter products by category, price, or stock availability.
- Banking: fetch transactions by account number or date range.
- HR systems: query employees by department, role, or salary band.

Future Improvements
- Add multiple parameters to demonstrate complex queries (e.g., deptno + city).
- Integrate try-with-resources to simplify resource management.
- Extend to INSERT, UPDATE, DELETE queries using `PreparedStatement`.
- Implement input validation for better user interaction.

Signed-off-by: https://github.com/Someshdiwan <[email protected]>
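The following is an added example, not the file committed here and not the project's own code. It shows the pattern the commit message describes (a `?` placeholder bound with `setInt`/`setString`, results printed or a "no data" notice) next to the string-concatenation pattern it replaces, and already applies two of the listed future improvements (try-with-resources and input validation). Assumptions: the `org.xerial:sqlite-jdbc` driver is on the classpath, an in-memory database (`jdbc:sqlite::memory:`) stands in for the repo's `univ.db`, and the `students` rows are constructed sample data.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class PreparedStatementDemo {
    // Assumption: in-memory SQLite instead of the repo's univ.db, so the example
    // runs anywhere sqlite-jdbc is on the classpath.
    private static final String URL = "jdbc:sqlite::memory:";

    // Constructed sample rows; not data from the project.
    static void seed(Connection con) throws SQLException {
        try (Statement st = con.createStatement()) {
            st.execute("CREATE TABLE students(roll INTEGER PRIMARY KEY, name TEXT, city TEXT, deptno INTEGER)");
            st.execute("INSERT INTO students VALUES (101,'Asha','Pune',10),(102,'Ravi','Delhi',20),(103,'Meera','Pune',10)");
        }
    }

    // The pattern the commit warns against: the caller's input becomes part of the
    // SQL text, so the database parses whatever the input contains as SQL.
    static int countByDeptConcatenated(Connection con, String deptno) throws SQLException {
        String sql = "SELECT COUNT(*) FROM students WHERE deptno = " + deptno;
        try (Statement st = con.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // The commit's pattern: a '?' placeholder. The bound value is compared as a
    // literal value and is never parsed as SQL, whatever characters it holds.
    static int countByDeptBound(Connection con, String deptno) throws SQLException {
        String sql = "SELECT COUNT(*) FROM students WHERE deptno = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, deptno);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    // The commit's query: list students of one department, or report that none exist.
    // Integer.parseInt is the input validation step: anything that is not a department
    // number is rejected before it reaches the database at all.
    static void printStudentsByDept(Connection con, String rawInput) throws SQLException {
        int dno;
        try {
            dno = Integer.parseInt(rawInput.trim());
        } catch (NumberFormatException e) {
            System.out.println("Rejected input (not a department number): " + rawInput);
            return;
        }
        String sql = "SELECT roll, name, city, deptno FROM students WHERE deptno = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setInt(1, dno);
            try (ResultSet rs = ps.executeQuery()) {
                boolean found = false;
                while (rs.next()) {
                    found = true;
                    System.out.printf("%d  %-6s %-6s %d%n",
                            rs.getInt("roll"), rs.getString("name"), rs.getString("city"), rs.getInt("deptno"));
                }
                if (!found) {
                    System.out.println("No student found in department " + dno);
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        Class.forName("org.sqlite.JDBC"); // optional on JDBC 4+; kept to match the commit
        try (Connection con = DriverManager.getConnection(URL)) { // try-with-resources closes the Connection
            seed(con);
            printStudentsByDept(con, "10");
            printStudentsByDept(con, "30");
            printStudentsByDept(con, "10 OR 1=1");
            String hostile = "10 OR 1=1"; // constructed input containing SQL syntax
            System.out.println("concatenated: " + countByDeptConcatenated(con, hostile));
            System.out.println("bound:        " + countByDeptBound(con, hostile));
        }
    }
}
```

Compile and run with the driver jar on the classpath (`javac PreparedStatementDemo.java && java -cp .:sqlite-jdbc.jar PreparedStatementDemo`). The two count methods receive the same string: in the concatenated version it is spliced into the WHERE clause and changes its logic, while in the bound version SQLite compares the column against that text as a value (with INTEGER column affinity the text is not a well-formed number, so no row matches). The `printStudentsByDept` path never lets such a value through at all, because `Integer.parseInt` fails first; that is the "input validation" item from the commit's future-improvements list combined with the `setInt` binding the commit already uses.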
1 parent 181a8df commit 96a5497

File tree: 1 file changed, +0 −0 lines changed
  • Section28JDBCusingSQLite/JAVA SQL Interfaces/Prepared Statements/src


0 commit comments