Date post: 11-Jan-2016
Upload: georgina-mills
1
Databases & Web-based Applications
JDBC & Java Servlets
A. Benabdelkader ©UvA, 2002/2003
2
JDBC
3
Java Database Connectivity - JDBC
• Modeled after ODBC, JDBC API supports basic SQL functionality
• With JDBC, Java can be used as host language for writing database applications
• On top of JDBC, higher-level APIs can be built
• Currently, two types of higher-level APIs:
  – An embedded SQL for Java (e.g. SQLJ)
  – A direct mapping of relational database tables to Java classes (e.g. Java Blend from Sun)
Connolly © Addison Wesley, 2002
4
JDBC
• JDBC API consists of two main interfaces: an API for application writers, and a lower-level driver API for driver writers
• Applications and applets can access databases using:
  – ODBC drivers and existing database client libraries
  – JDBC API with pure Java JDBC drivers
5
JDBC
6
JDBC - Advantages/Disadvantages
• Advantage of using JDBC drivers is that they are a de facto standard for PC database access, and are available for many DBMSs, for very low price
• Disadvantages with this approach:
  – Non-pure JDBC driver will not necessarily work with a Web browser
  – Currently downloaded applet can connect only to database located on host machine
  – Deployment costs increase
7
JDBC - java.sql Package
• Driver: supports the creation of a data connection
• Connection: represents the connection between a Java client and an SQL database server
• DatabaseMetaData: contains information about the database server
• Statement: includes methods for executing SQL queries
• PreparedStatement: represents a pre-compiled and stored query
• CallableStatement: used to execute SQL stored procedures
• ResultSet: contains the results of the execution of a select query
• ResultSetMetaData: contains information about a ResultSet, including the attribute names and types
8
JDBC - Connecting to Databases
• java.sql.Driver
  – no methods for users
  – DriverManager.getConnection method creates the connection
• java.sql.Connection
  – createStatement
• java.sql.Statement
  – executeQuery returns table as ResultSet
  – executeUpdate returns integer update count
9
JDBC - Connections
• Loading driver classes
    Class.forName("myDriver.ClassName");
    Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
• Database connection URL
    jdbc:<subprotocol>:<subname>
    jdbc:odbc:mydatabase
• subname example
    //hostname:port/databasename
    //enp01.enp.fsu.edu:3306/gsim
• Database MetaData
    DatabaseMetaData dma = con.getMetaData();
10
JDBC Examples - Connection
    import java.sql.*;

    public class JDBC_Connection {
        public static void main(String args[]) {
            String url = "jdbc:mt://amelie.wins.uva.nl/QueryDemo";
            // Load the driver class so that it registers with DriverManager
            try {
                Class.forName("com.matisse.sql.MtDriver");
            } catch (java.lang.ClassNotFoundException e) {
                System.err.println(e.getMessage());
            }
            try {
                Connection con = DriverManager.getConnection(url);
                DatabaseMetaData dma = con.getMetaData();
                // Get information about the connection
                System.out.println("\nConnected to : " + dma.getURL()
                    + "\nDriver : " + dma.getDriverName()
                    + "\nVersion : " + dma.getDriverVersion());
                con.close();
            } catch (SQLException ex) {
                System.err.println(ex.getMessage());
            }
        }
    }
11
JDBC Examples - Meta Data
    …..
    String query = "Select ….";
    Statement stmt = con.createStatement();
    ResultSet rs = stmt.executeQuery(query);
    ResultSetMetaData rsmd = rs.getMetaData();
    int numCols = rsmd.getColumnCount();
    // Print the label and the java.sql.Types code of every result column
    for (int i = 1; i <= numCols; i++) {
        System.out.println("\nColumn Name: " + rsmd.getColumnLabel(i)
            + " Type: " + rsmd.getColumnType(i));
    }
12
JDBC Examples - Execute Query
    import java.sql.*;

    public class SQLStatement {
        // Prints every column of every row returned by the query.
        // "con" is an open connection, made as in the Connection example.
        static void printQuery(Connection con, String query) {
            try {
                Statement stmt = con.createStatement();
                ResultSet rs = stmt.executeQuery(query);
                int numCols = rs.getMetaData().getColumnCount();
                while (rs.next()) {
                    for (int i = 1; i <= numCols; i++) {
                        System.out.print("Column " + i + ": ");
                        System.out.println(rs.getString(i));
                    }
                }
                stmt.close();
                con.close();
            } catch (SQLException ex) {
                System.err.println(ex.getMessage());
            }
        }
    }
13
JDBC - Update Statements
• Create new Objects
    String insertSQL = "insert into Course (Code, Name) "
        + "values ('Brown','Web Databases')";
    int rowcount = stmt.executeUpdate(insertSQL);
    if (rowcount == 0) {
        // insert failed
    }
• Update Objects
    String updateSQL = "update Course set "
        + "Course.Credit = 7 where Code ='BI301004'";
    // executeUpdate returns the row count; execute would return a boolean
    int count = stmt.executeUpdate(updateSQL);
    // count is number of rows affected
14
JDBC - Executing unknown SQL
• Arbitrary SQL may return table (ResultSet) or row count (int)
• Statement.execute method
    stmt.execute(sqlStatement);
    ResultSet result = stmt.getResultSet();
    while (true) { // loop through all results
        if (result != null) {
            // process result
        } else { // result is not a ResultSet
            int rowcount = stmt.getUpdateCount();
            if (rowcount == -1) break; // no more results
            // else: process row count
        }
        // getMoreResults returns a boolean, so fetch the next ResultSet separately
        stmt.getMoreResults();
        result = stmt.getResultSet();
    }
15
JDBC - Universal Database Discovery
Get DB MetaData - Get DB Tables
    // "con" is an open Connection and "out" the output writer already in scope
    DatabaseMetaData dmd;
    ResultSet results = null;
    try {
        dmd = con.getMetaData();
        try {
            String tables[] = {"TABLE", "VIEW"};
            // null catalog and schema do not narrow the search; "%" matches every table name
            results = dmd.getTables(null, null, "%", tables);
        } catch (SQLException e) {
            out.println(e);
        }
    } catch (Exception e) {
        out.println(e);
    }
    // GET ALL RESULTS
16
JDBC - Universal Database Discovery
Get Tables Results
    try {
        ResultSetMetaData rsmd = results.getMetaData();
        int numCols = rsmd.getColumnCount();
        while (results.next()) {
            System.out.println("Table Name: " + results.getString("TABLE_NAME"));
        }
        results.close();
        con.close();
    } catch (Exception e) {
        out.println(e);
    }
17
Core Servlets & JSP book: www.coreservlets.com
More Servlets & JSP book: www.moreservlets.com
Servlet and JSP Training Courses: courses.coreservlets.com
Java Servlets
18 www.coreservlets.com
Outline
• Java servlets
• Advantages of servlets
• Servlet structure
• Servlet examples
• Handling the client request
  – Form Data
  – HTTP request headers
19
A Servlet's Job
• Read explicit data sent by client (form data)
• Read implicit data sent by client (request headers)
• Generate the results
• Send the explicit data back to client (HTML)
• Send the implicit data to client (status codes and response headers)
20
Why Build Web Pages Dynamically?
• The Web page is based on data submitted by the user
  – E.g., results page from search engines and order-confirmation pages at on-line stores
• The Web page is derived from data that changes frequently
  – E.g., a weather report or news headlines page
• The Web page uses information from databases or other server-side sources
  – E.g., an e-commerce site could use a servlet to build a Web page that lists the current price and availability of each item that is for sale.
21
The Advantages of Servlets Over "Traditional" CGI
• Efficient
  – Threads instead of OS processes, one servlet copy, persistence
• Convenient
  – Lots of high-level utilities
• Powerful
  – Sharing data, pooling, persistence
• Portable
  – Run on virtually all operating systems and servers
• Secure
  – No shell escapes, no buffer overflows
• Inexpensive
  – There are plenty of free and low-cost servers.
22
Simple Servlet Template
    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class ServletTemplate extends HttpServlet {
      public void doGet(HttpServletRequest request,
                        HttpServletResponse response)
          throws ServletException, IOException {
        // Use "request" to read incoming HTTP headers
        // (e.g. cookies) and HTML form data (query data)

        // Use "response" to specify the HTTP response status
        // code and headers (e.g. the content type, cookies).

        PrintWriter out = response.getWriter();
        // Use "out" to send content to browser
      }
    }
23
A Simple Servlet That Generates Plain Text
    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class HelloWorld extends HttpServlet {
      public void doGet(HttpServletRequest request,
                        HttpServletResponse response)
          throws ServletException, IOException {
        PrintWriter out = response.getWriter();
        out.println("Hello World");
      }
    }
24
A Servlet That Generates HTML
    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class HelloWWW extends HttpServlet {
      public void doGet(HttpServletRequest request,
                        HttpServletResponse response)
          throws ServletException, IOException {
        // Set the content type before getting the writer
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        String docType =
          "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 " +
          "Transitional//EN\">\n";
        out.println(docType +
                    "<HTML>\n" +
                    "<HEAD><TITLE>Hello WWW</TITLE></HEAD>\n" +
                    "<BODY>\n" +
                    "<H1>Hello WWW</H1>\n" +
                    "</BODY></HTML>");
      }
    }
25
The Servlet Life Cycle
• init
  – Executed once when the servlet is first loaded. Not called for each request.
• service
  – Called in a new thread by server for each request. Dispatches to doGet, doPost, etc. Do not override this method!
• doGet, doPost, doXxx
  – Handles GET, POST, etc. requests.
  – Override these to provide desired behavior.
• destroy
  – Called when server deletes servlet instance. Not called after each request.
26
Handling the Client Request: Form Data
• Form data
• Processing form data
• Reading request parameters
• Filtering HTML-specific characters
27
The Role of Form Data
• Example URL at online travel agent
  – http://host/path?user=Marty+Hall&origin=bwi&dest=lax
  – Names come from HTML author; values usually come from end user
• Parsing form (query) data in traditional CGI
  – Read the data one way (QUERY_STRING) for GET requests, another way (standard input) for POST requests
  – Chop pairs at ampersands, then separate parameter names (left of the equal signs) from parameter values (right of the equal signs)
  – URL decode values (e.g., "%7E" becomes "~")
  – Need special cases for omitted values (param1=val1&param2=&param3=val3) and repeated parameters (param1=val1&param2=val2&param1=val3)
28
Creating Form Data: HTML Forms
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <HTML>
    <HEAD><TITLE>A Sample Form Using GET</TITLE></HEAD>
    <BODY BGCOLOR="#FDF5E6">
    <H2 ALIGN="CENTER">A Sample Form Using GET</H2>

    <FORM ACTION="http://localhost:8088/SomeProgram">
      <CENTER>
      First name:
      <INPUT TYPE="TEXT" NAME="firstName" VALUE="Joe"><BR>
      Last name:
      <INPUT TYPE="TEXT" NAME="lastName" VALUE="Hacker"><P>
      <INPUT TYPE="SUBMIT"> <!-- Press this to submit form -->
      </CENTER>
    </FORM>
    </BODY></HTML>
• See CSAJSP Chapter 16 for details on forms
29
HTML Form: Initial Result
30
Reading Form Data In Servlets
• request.getParameter("name")
  – Returns URL-decoded value of first occurrence of name in query string
  – Works identically for GET and POST requests
  – Returns null if no such parameter is in query
• request.getParameterValues("name")
  – Returns an array of the URL-decoded values of all occurrences of name in query string
  – Returns a one-element array if param not repeated
  – Returns null if no such parameter is in query
• request.getParameterNames()
  – Returns Enumeration of request params
31
An HTML Form With Three Parameters
    <FORM ACTION="/servlet/coreservlets.ThreeParams">
      First Parameter: <INPUT TYPE="TEXT" NAME="param1"><BR>
      Second Parameter: <INPUT TYPE="TEXT" NAME="param2"><BR>
      Third Parameter: <INPUT TYPE="TEXT" NAME="param3"><BR>
      <CENTER><INPUT TYPE="SUBMIT"></CENTER>
    </FORM>
32
Reading the Three Parameters
    package coreservlets;

    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class ThreeParams extends HttpServlet {
      public void doGet(HttpServletRequest request,
                        HttpServletResponse response)
          throws ServletException, IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        String title = "Reading Three Request Parameters";
        // ServletUtilities.headWithTitle is a helper that is not shown on these slides.
        // Each parameter value is written into the page exactly as received.
        out.println(ServletUtilities.headWithTitle(title) +
                    "<BODY BGCOLOR=\"#FDF5E6\">\n" +
                    "<H1 ALIGN=CENTER>" + title + "</H1>\n" +
                    "<UL>\n" +
                    " <LI><B>param1</B>: " + request.getParameter("param1") + "\n" +
                    " <LI><B>param2</B>: " + request.getParameter("param2") + "\n" +
                    " <LI><B>param3</B>: " + request.getParameter("param3") + "\n" +
                    "</UL>\n" +
                    "</BODY></HTML>");
      }
    }
33
Reading Three Parameters: Result
34
Filtering Strings for HTML-Specific Characters
• You cannot safely insert arbitrary strings into servlet output
  – < and > can cause problems anywhere
  – & and " can cause problems inside of HTML attributes
• You sometimes cannot manually translate
  – The string is derived from a program excerpt or another source where it is already in some standard format
  – The string is derived from HTML form data
• Failing to filter special characters from form data makes you vulnerable to cross-site scripting attacks
  – http://www.cert.org/advisories/CA-2000-02.html
  – http://www.microsoft.com/technet/security/crssite.asp