Java JDBC SQL Statement Interface
Interface Statement
Java SQL Statement
SQL Statement
java.sql.Statement Interface
A Statement is an interface that represents a Java SQL statement. When you execute Statement objects, then they generate ResultSet objects, which is a table of data representing a database result set. You need a Connection object to create a Statement object.
The execute method of java.sql.Statement executes an SQL statement and indicates the form of the first result. You must then use the methods getResultSet or getUpdateCount to retrieve the result, and getMoreResults to move to any subsequent result(s).
What is Java JDBC Statement ?
The Java JDBC Statement is a java.sql.Statement interface that sending insert statements, select statements, update statements and delete statements to databases using JDBC connection.
What are the Advantages of java.sql.Statement ?
- Send queries and update statements to the database.
- Insert records in to table.
- Select ( Retrieve ) records from table.
- Update records in a table.
- Delete records from table.
- Create database.
- Create and alter tables in database.
- Create and alter views in a database.
- Create indexes on tables.
What are the Disadvantages of java.sql.Statement ?
- You can not change query statement dynamically.
- You can not pass parameters dynamically.
- It can not prevent SQL injection ( SQLi ) attacks.
What is SQL Injection ( SQLi ) ?
SQL Injection in short SQLi is a SQL code ( either good or bad code ) injects through web parameter value into SQL statements, that allows an attacker to interfere with the queries of a database. These attacks either steal the information from database or damage the database with bad SQL code. So java.sql.Statement is not recommended to use with parameters as it won't prevent SQL injection ( SQLi ) attacks.
How to Create SQL Statements using JDBC ?
To process any SQL statement with JDBC you should follow the following steps.
- Create database connection.
- Create SQL Statement.
- Execute the Query.
- Process the ResultSet object.
- Close the ResultSet.
- Close the SQL Statement.
- Finally close the database connection.
Following java.sql.Statement example shows the above steps.
How to retrieve records from MySQL database using Java Example ?
import java.sql.DriverManager; import java.sql.Connection; import java.sql.Statement; import java.sql.ResultSet; public class MySQLJavaSQLStatement { public static void main(String args[]) { Connection sql_connection = null; Statement statement = null; ResultSet resultset = null; String database_user = "your database user"; String database_password = "your database password"; try { Class.forName("com.mysql.jdbc.Driver"); sql_connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/your_database_name", database_user, database_password); statement = sql_connection.createStatement(); resultset = statement.executeQuery("SELECT * FROM your_table"); System.out.println("Column1\tColumn2"); System.out.println("-------------------------"); while(resultset.next()) { System.out.println(resultset.getString(1) + "\t" + resultset.getString(2)); } } catch(Exception e) { System.out.println("Error Occured : " + e.getMessage()); } finally { try { if (resultset != null) { resultset.close(); resultset = null; } if (statement != null) { statement.close(); statement = null; } if (sql_connection != null) { if (!sql_connection.isClosed()) { sql_connection.close(); } sql_connection = null; } } catch(Exception ex) { System.out.println("MySQL Database Connection Close Error"); } } } }