
Commit b2f1a1e

feat(jdbc-sqlite): add parameterized query using PreparedStatement in Call.java
What
- Introduced `Call.java` under Section28JDBCusingSQLite.
- Demonstrates executing parameterized SELECT queries with JDBC.
- Uses `PreparedStatement` to fetch student records by `deptno`.

Why
- Prevents SQL injection by avoiding string concatenation in queries.
- Enhances code readability and maintainability with reusable query templates.
- Provides a safer way to filter results dynamically with parameters.

How
- Setup:
  - Loaded SQLite JDBC driver: `Class.forName("org.sqlite.JDBC")`.
  - Established database connection with `DriverManager.getConnection(url)`.
- Execution:
  - Created `PreparedStatement` with query: `SELECT * FROM students WHERE deptno = ?`.
  - Bound parameter `deptno = 10` via `setInt(1, 10)`.
  - Executed query and iterated `ResultSet` to print student details (roll, name, city, deptno).
- Cleanup:
  - Closed `ResultSet`, `PreparedStatement`, and `Connection` properly.

Key Notes
- SQLite does not support stored procedures → parameterized queries via `PreparedStatement` are the alternative.
- `%d | %s | %s | %d` format ensures neatly aligned output for each student row.
- Placeholders (`?`) allow dynamic query reuse without rewriting SQL strings.

Real-life Applications
- Login systems: validating username/password safely against DB.
- Student management: fetching students by department/grade dynamically.
- E-commerce apps: querying products by category or price range.
- Banking apps: retrieving transactions by account number securely.

Future Improvements
- Add multiple parameters (e.g., `deptno` + `city`) for advanced filtering.
- Wrap code in try-with-resources for automatic cleanup.
- Implement pagination using `LIMIT` and `OFFSET` for large result sets.
- Abstract query execution into utility/service classes for reusability.

Signed-off-by: https://github.com/Someshdiwan <[email protected]>
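The commit message contrasts string concatenation with `PreparedStatement` binding but the diff only shows the safe form. The following is an added example, not code from this commit or the repository: it places a concatenated (injectable) query next to the parameterized one and folds in the commit's listed future improvements (two parameters, try-with-resources, `LIMIT`/`OFFSET`). It assumes the sqlite-jdbc driver on the classpath and uses an in-memory database seeded with constructed rows instead of `univ.db`; the class and method names are my own.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

/**
 * Added example (not part of the commit). Assumes sqlite-jdbc on the classpath.
 * Column names (roll, name, city, deptno) follow the commit's Call.java.
 */
public class ParameterizedQueryDemo {

    // Constructed sample data so the example runs without the repository's univ.db.
    static void seed(Connection con) throws SQLException {
        try (Statement st = con.createStatement()) {
            st.execute("CREATE TABLE students (roll INTEGER PRIMARY KEY, name TEXT, city TEXT, deptno INTEGER)");
            st.execute("INSERT INTO students VALUES (1, 'Asha', 'Pune', 10), (2, 'Ravi', 'Delhi', 10), (3, 'Meera', 'Pune', 20)");
        }
    }

    // VULNERABLE: the caller's value is spliced into the SQL text, so a value such as
    // "Pune' OR '1'='1" alters the WHERE clause instead of being compared as data.
    static List<Integer> rollsByCityUnsafe(Connection con, String city) throws SQLException {
        String sql = "SELECT roll FROM students WHERE city = '" + city + "'";
        List<Integer> rolls = new ArrayList<>();
        try (Statement st = con.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            while (rs.next()) rolls.add(rs.getInt("roll"));
        }
        return rolls;
    }

    // SAFE: the SQL text is fixed at prepare time; every value travels as a bound parameter.
    // try-with-resources closes the ResultSet and PreparedStatement even when executeQuery throws,
    // and LIMIT/OFFSET are bound like any other parameter for paging through large result sets.
    static List<Integer> rollsByDeptAndCity(Connection con, int deptno, String city,
                                            int limit, int offset) throws SQLException {
        String sql = "SELECT roll FROM students WHERE deptno = ? AND city = ? ORDER BY roll LIMIT ? OFFSET ?";
        List<Integer> rolls = new ArrayList<>();
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setInt(1, deptno);
            ps.setString(2, city);
            ps.setInt(3, limit);
            ps.setInt(4, offset);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) rolls.add(rs.getInt("roll"));
            }
        }
        return rolls;
    }

    public static void main(String[] args) throws SQLException {
        // JDBC 4 drivers register themselves through ServiceLoader, so Class.forName is not required.
        try (Connection con = DriverManager.getConnection("jdbc:sqlite::memory:")) {
            seed(con);
            String attackerInput = "Pune' OR '1'='1";
            System.out.println("unsafe, attacker input: " + rollsByCityUnsafe(con, attackerInput));
            System.out.println("safe,   attacker input: " + rollsByDeptAndCity(con, 10, attackerInput, 10, 0));
            System.out.println("safe,   dept 10 / Pune: " + rollsByDeptAndCity(con, 10, "Pune", 10, 0));
        }
    }
}
```

With the attacker-controlled value, the concatenated query's WHERE clause becomes `city = 'Pune' OR '1'='1'` and every student leaks; the parameterized query compares `city` against the whole string as a literal and returns nothing, and only the genuine `dept 10 / Pune` lookup returns a row. Note that `?` can only stand in for values: table names, column names and `ORDER BY` direction still have to come from an allow-list, not from the caller.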
1 parent aae09f8 commit b2f1a1e

1 file changed

+25
-0
lines changed
  • Section28JDBCusingSQLite/JAVA SQL Interfaces/CallableStatement/src

@@ -1,2 +1,27 @@
1+
import java.sql.*;
2+
13
public class Call {
4+
public static void main(String[] args) throws Exception {
5+
Class.forName("org.sqlite.JDBC");
6+
String url = "jdbc:sqlite:/Users/somesh/Java SE/JavaEvolution-Learning-Growing-Mastering/Section28JDBCusingSQLite/univ.db";
7+
8+
Connection con = DriverManager.getConnection(url);
9+
10+
// Use PreparedStatement because SQLite does not support stored procedures
11+
PreparedStatement cst = con.prepareStatement("SELECT * FROM students WHERE deptno = ?");
12+
cst.setInt(1, 10); // example department
13+
14+
ResultSet rs = cst.executeQuery();
15+
while (rs.next()) {
16+
System.out.printf("%d | %s | %s | %d%n",
17+
rs.getInt("roll"),
18+
rs.getString("name"),
19+
rs.getString("city"),
20+
rs.getInt("deptno"));
21+
}
22+
23+
rs.close();
24+
cst.close();
25+
con.close();
26+
}
227
}
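Review bot: the three explicit close() calls at the end of main (`rs.close(); cst.close(); con.close();`) never run if `executeQuery()` or the `while (rs.next())` loop throws, because main only declares `throws Exception`, so the Connection and PreparedStatement leak on any error; wrap them in try-with-resources (`try (Connection con = DriverManager.getConnection(url); PreparedStatement cst = con.prepareStatement(...))`) rather than closing by hand. Two smaller points in the same hunk: the JDBC URL hard-codes `/Users/somesh/Java SE/...`, so the class only runs on one machine (take the path from an argument or system property), and the statement is named `cst` under a `CallableStatement/` directory although it is a PreparedStatement; the comment explains why, but `ps` would read more honestly. `Class.forName("org.sqlite.JDBC")` is also unnecessary with a JDBC 4 driver, which registers itself.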
