MELJUN_CORTES_JEDI CourseNotes-Web Programming-Lesson5-SQL and JDBC

8/3/2019 MELJUN_CORTES_JEDI CourseNotes-Web Programming-Lesson5-SQL and JDBC

1/17

Database Connectivity: SQL and JDBC

Introduction

Most web applications are connected to some form of external storage in order to driveits dynamic content. This storage often takes the form of a relational database, due to itssimplicity and the ease by which users can extract related data.

This extraction of data from a relational database is accomplished through the use ofSQL, or Structured Query Language. This language defines a syntax and several

keywords which can be understood by the database system. Most relational databasesystems provide a client program through which such SQL commands can be entered,

and its results displayed to the user. However, web applications cannot interface to thedatabase using these programs.

The JDBC API which comes as part of the J2EE platform provides developers a standard,programmatic way of interfacing with relational database systems. By making use of thisAPI, developers can issue SQL queries and make use of its results to generate dynamic

content for the end client.

Relational Databases

Relational databases are the storage medium of choice for many web based applications

that require dynamic content. The basic syntax needed to retrieve and manipulate datathat it stores is easy to pick up. Currently, it also has widespread industry support,meaning that there are plenty of options available, with little to no shortage of technical

resources that can be retrieved from the Internet.

As implied by its name, relational databases store data as related sets of information.Relational groupings are expressed as tables. Each table contains columns that definethe properties of each data set stored within it.

This concept can be visualized by the following example:

userid name address contactnum

14627895 Duke California 092456278865248987 Kimi Finland 8687243217

Figure 1: Sample Table

In this example, we have a table that will be used to store user information. The tabledefines four columns: a userID column which will store an id that uniquely defines auser, a name column, address, and contact number column. Each row in the tablerepresents a single data entry. This means that there is a user named Duke whoseaddress is at Sun Microsystems with so-and-so userid and so-and-so contactnum.

Actual tables in a database system are not as simple as the one above. Database tables


2/17

are usually designed with logical constraints so as to preserve the consistency of itsdata. One such constraint is the assignation of data types: each column is defined to beof a specific data type. The system automatically rejects the insertion of new data sets if

one or more of its column entries does not match the data type specified. For example,the userid column may be defined internally to be of an integer datatype. Inserting new

rows which contains characters for its value for the userid column will cause the insertionto fail. Another constraint usually imposed on a table is that of uniqueness: if a column is

defined to be 'unique', the system will not allow the insertion of a new data set whichcontains a value already existing in the system.

The mechanics of table design is beyond the scope of this discussion, and will be left formore comprehensive resources. What this discussion will focus on would be themechanics of data access and modification in a given database table.

SQL Statements

As previously mentioned, operations on relational databases are accomplished throughthe use of SQL. There are several types of SQL statements, though only two of these willbe covered in this chapter.

Data Retrieval

This type of SQL statement focuses on reading data from one or more tables in the

database. Queries of this type can either be left open-ended to retrieve ALL data setswithin a specified table (or group of tables), or they can be parameterized such thatknown column values are supplied and data sets are retrieved such that they satisfy thegiven conditions.

There is only one SQL statement that falls within this type: the SELECT statement.

SELECT STATEMENT

A SELECT statement is used to query the database about information which the database

returns as a set of rows.

The basic format of a SELECT statement is:

SELECT column(s) FROM tablename WHERE condition(s)

In the syntax above, SELECT, FROM, and WHERE are SQL keywords, while columns,tablename, and conditions are values supplied by the developer.

SELECT - marks the start of the SELECT statement

column(s) - the name of the column whose value will be retrieved. If more thanone column is to be retrieved, the column names are separated by commas. If all

available columns are to be retrieved, an * (asterisk) is used instead of actualcolumn names.

Example of multiple column name values -> SELECT userid, name,address FROM ...

Example of retrieving all columns -> SELECT * FROM ... FROM - an SQL keyword used to indicate the table from which the data is to be


3/17

retrieved. A mechanism for retrieving data from multiple tables is included withinthe language. This will be discussed in more detail later.

WHERE - an optional keyword that specifies conditions that must be fulfilled by

data entries before they can be included as a result. More than one condition canbe specified; in that case, each condition is separated by either an AND or OR

keyword that performs the same as their logical equivalent. There are severalpossible kinds of conditions that are allowed; they will be touched on later.

The FROM clause

The FROM clause in a SELECT statement defines the table(s) from which the data set willbe gathered. If the data comes from only one table, then that table's name is simplysupplied. However, if the data that we need comes from more than one table, anoperation called a table join needs to be performed.

Table joins can be performed several ways: By listing all the tables to join, separated by commas. While this is the simplest to

do, it also ranks the lowest in terms of performance. What it does is perform aCartesian product on the tables, resulting in a large, unwieldy table.

Example: Given two tables users, and userdownloads, join is performed by: ... FROM users, userdownloads [WHERE ...]

By using one of several JOIN keywords. General syntax is table1 JOIN table2 oncondition. Condition specifies which rows on both tables to join together.

LEFT JOIN - Performs similar to JOIN, except that all entries in table1 isapplied to the join, even if some rows do not fit the condition.

RIGHT JOIN - Performs similar to JOIN, except that all entries in table2 isapplied to the join, even if some rows don't fit the condition.

INNER JOIN - Only entries in both tables that match the condition areconsidered for the join.

Examples for JOINs

The examples which will follow are based on the following tables:

User UserDownloads

userid name addresscontactnum

14627895 DukeSanFrancisco

0924562788

65248987 Kimi Finland8687243217

84321874 Dante San Jose6365498428

useriddownloaditem

downloaddate

14627895CoursewareNotes

Dec. 19,2005

36542036 ExercisesFeb. 11,2006

84321874 SlidesMarch 13,2006

If simple comma-delimitation was used, the following would be the result:

userid name address contactnu userid downloadi downloadd


4/17

m tem ate

14627895 DukeSan

Francisco

092456278

814627895 Courseware

Dec. 19,

2005

14627895 DukeSan

Francisco

092456278

836542036 Exercises

Feb. 11,

2006


0924562788

84321874 SlidesMarch 13,2006

65248987 Kimi Finland8687243217


Dec. 19,2005

65248987 Kimi Finland868724321

736542036 Exercises

Feb. 11,

2006

65248987 Kimi Finland8687243217

84321874 SlidesMarch 13,2006

84321874 Dante San Jose6365498428


Dec. 19,2005

84321874 Dante San Jose636549842

836542036 Exercises

Feb. 11,

2006

84321874 Dante San Jose636549842

884321874 Slides

March 13,

2006

Using the LEFT JOIN on this tables, with the condition that User.userid =UserDownloads.userid

userid name address

contactnu

m userid

downloadi

tem

downloadd

ate

14627895 DukeSan

Francisco

092456278

814627895 Courseware

Dec. 19,

2005

65248987 Kimi Finland8687243217

84321874 Dante San Jose636549842

884321874 Slides

March 13,

2006

Using the RIGHT JOIN on this table, with the same condition

userid name addresscontactnum userid

downloaditem

downloaddate


0924562788

14627895 CoursewareDec. 19,2005

36542036 ExercisesFeb. 11,2006

84321874 Dante San Jose6365498428

84321874 SlidesMarch 13,2006

Using INNER JOIN on this table, with the same condition


5/17

userid name addresscontactnum

useriddownloaditem

downloaddate


0924562788 14627895 Courseware

Dec. 19,2005

84321874 Dante San Jose6365498428

84321874 SlidesMarch 13,2006

In most cases, an INNER JOIN yields the most relevant results for join operations.However, in the cases that the entries of one table should appear no matter what, aLEFT JOIN or RIGHT JOIN is more appropriate. At all times, avoid using the comma-delimited join. While it is simpler and more convenient to write, the performance hit

incurred in its usage makes the time investment of writing a proper join worth it.

The WHERE clause

The WHERE clause in a SELECT statement specifies a condition that must be matched byentries in the selected table in order for them to be part of the result. There are severaloperators that can be used to specify a condition. They are:

= - Checks for equality between two given operands =, > - Checks if the first operand is greater than equal to, or greater than the2nd operand.

like - Performs a string comparison between the two operands. Using thisoperation, two wildcard characters can be used to represent unknown values.

% - matches any string of any length. Ex. 'A%s' will match any stringstarting with A and ending in s.

_ - matches any single character string. Ex. 'b_t' will match bot, but, bit,bat, and bet.

The following are simple examples on using the SELECT statement

If we wanted to retrieve all available data on the users table:

SELECT * from users;

If we were to look for the addresses of users with a name of Smith, the SQL statementwould look like:SELECT address from users where name ='Smith';

If for example, we wanted to retrieve entries for all users with a name starting with 'S',we could make use of the like operator:SELECT * from users where name like 'S%';

SQL is not case-sensitive about the developer's use of its keywords. However, it IS case-sensitive with regards to values it performs comparisons on. The following statement will

return a different set of data compared to the one above:SELECT * from users where name ='sMith';


6/17

Data Manipulation

Statements that fall under this type are used to modify the state of data in the database.

There are several such statements, each catering to a specific data manipulation need.

. INSERT STATEMENT

INSERT statements are used to insert new rows of information in existing databasetables.

The basic structure of an INSERT statement is:

INSERT INTO table-name VALUES(value1, value2, ...)

where table-name is the name of the table which will contain the new data row. The

parameter given inside the VALUES keyword is a comma-delimited list of values that willbe added into the table. In cases like this where only the table is specified, SQL will

associate the values given in the statement with the fields inside the database by basingit on the ordering the values were given and the ordering of the fields in the databasetable.

If, for example, we had a table called user, with fields userid, name, address (in thatorder), the following line will add a new entry to the table:

INSERT INTO users VALUES(199700651, 'Jedi Master', 'UP Ayala Technopark');

It is important to note that any call to INSERT must follow the integrity rules as defined

in the data table. That is, if a field in a database is defined to be non-null, any attempt toinsert a null-value into that field will cause an error in the database.

. UPDATE STATEMENT

The UPDATE statement updates existing rows in a table, as opposed to the INSERTstatement that adds entirely new rows. The basic format of the UPDATE statement is:

UPDATE table-name set column-value(s) WHERE condition(s)

where table-name is the name of the table which contains the rows to update, andcolumn-values is a comma-delimited list of column name and value pairs. Optionally, acomma-delimited list of conditions can be added to specify which rows in the table are tobe modified. If conditions are not given, the updates are applied to each row in thespecified table.

Any updates must conform to data integrity rules in the database. For example, settingto null a column defined to be NOT NULL will result in the statement not being executed

and an error message thrown by the relational database.

. DELETE STATEMENT

The DELETE statement removes a row from a specified table. A basic DELETE statementlooks like:


7/17

DELETE FROM table-name WHERE condition(s)

where table-name is the name of the table containing the rows to be deleted. A comma-

delimited list of conditions can optionally be specified as well. If no conditions are given,the statement will delete all rows in the specified table.

JDBC

Java provides a standard API for accessing databases called the Java DatabaseConnectivity (JDBC) API. Using this , developers can access databases no matter whothe vendor may be; the vendors provide the implementations to the abstract interfaces

defined in the API, providing the same set of functionality to the developer.

The following are key classes in the JDBC API, all of which we'll cover in more detaillater:

java.sql.Connection represents a connection with the database. Abstracts thedetails of how to communicate with the database server.

java.sql.DriverManager manages JDBC drivers used by the application. Inconjunction with the proper driver URL and proper authentication, can provideapplications with valid instances of Connection objects.

javax.sql.DataSource abstracts the details (URL, authentication details) of howto obtain a connection to the database. Newer and more preferred method of

obtaining Connection objects. java.sql.Statement provides methods for the developer to execute SQL

statements. java.sql.ResultSet represents the results of an SQL statement. These objects

are usually returned from methods in the Statement object.

java.sql.DriverManager

Using this class, a developer can retrieve a Connection object which he can then use toperform database activities. There are two steps required:

First, the JDBC driver must first be registered with the DriverManager. This canbe done by using the Class.forName method to load the driver's class definition

into memory. Second, use the getConnection method in the DriverManagerm supplying a JDBC

URL, as well as the username and password authenticated for database access.

The URL must follow the syntax required by the particular databaseimplementation,

Below is a sample of how to get a Connection from a PostgreSQL database. Again, theURL and driver is specific to the database implementation being used. For otherdatabases, check the documentation provided.


8/17

String jdbcURL = "jdbc:postgresql://localhost:5432/jedi-db";

String user = "jedi";String password = "j3d1master";

Connection conn = null;

try {Class.forName("org.postgresql.Driver");conn = DriverManager.getConnection(url, user, password);...

} catch (SQLException e) {// perform error handling here

}

While this is a valid way of retrieving a Connection object, this method requires thedeveloper to keep track of such details as the driver class name, the URL required for

database access, and the username and password cleared for database usage. Thesedetails are the ones most likely to change per deployment of the application. Also,managing the URL and driver name in the code makes it harder for the application toswitch database implementations, if it ever becomes necessary.

javax.sql.DataSource

DataSource is an interface defined in the JDBC API since version 2 of its specification. Itis now also the recommended way for a developer to get a Connection object. Retrieval

of the Connection object is very straightforward: simply call the getConnection() methodin a valid instance of DataSource. It is obtaining an instance of DataSource that can now

pose a problem for some developers.

Since DataSource is an interface, an instance cannot simply be created by the developerusing the new operator. It is recommended that we let the application server we areusing manage the creation of DataSource objects for us. Doing so allows the applicationserver to add useful functionality such as connection pooling in a manner that istransparent to both the developer and the end user.

. Configuring DataSource in Sun Application Server 8.1

Each server has its own procedure for configuring and managing DataSources. What wewill discuss would be the procedure for doing so in the container we have been using sofar for our examples: Sun Application Server 8.1.

Setting up the datasource for AppServer 8.1 consists of 3 steps: Registering the JAR file containing the JDBC driver with the container. Creating a connection pool to the database Registering a datasource that makes use of a connection pool.

Registering the JAR file

The first step would be to access the admin console for the server. By default, the admin

console can be accessed by entering the following URL in the browser address bar:http://localhost:4848/
http://localhost:4848/http://localhost:4848/


9/17

In case a different port number was configured for your admin console during installtime, simply replace 4848 with the port number.

After supplying the security credentials needed to access the console, a new screen willappear. To proceed, click on Application Server in the left pane, then click on theJVM

settings tab on the pane to the right.

In the screen that would appear next, select the Path Settings tab on the pane to theright. A screen similar to the one below will appear.Scroll down until you encounter a textarea labeled Classpath suffix. Input the pathleading to the JAR file containing the JDBC drivers.

Creating a connection pool

To start creating a connection pool, click on the JDBC link on the pane to the left, then

click Connection Pools on the pane to the right.

In the screen that appears next, click on the New... button to bring up a display similarto the one below:

Figure 2


10/17

Under the Name field, enter the name by which this connection pool will be referred.Under the Resource Type drop-down, select javax.sql.DataSource. Leave the DatabaseVendor drop-down blank, as PostgreSQL is not included in the list of vendors.

Click Next, then when prompted for the datasource class name, enter:

org.postgresql.jdbc3.Jdbc3PoolingDataSource. Click Next to continue.

In the next screen, scroll down until you see the properties to be associated with thisconnection pool.

The following parameters need to have values supplied:

Password ServerName PortNumber

DatabaseName User

After supplying all of the above values, click on the Finish button.

Registering the Datasource

To start registering a datasource, click on the JDBC link found on the left pane, then clickon JDBC Resources. In the following screen, click on New ...

A screen similar to the one below will appear. The fields are to be filled as follows:

JNDI Name enter the logical name by which the application will retrieve theDataSource. It is recommended that this name havejdbc/as its prefix, to make iteasier for future server administrators to identify this element as a JDBCresource.

Pool name select the name of the connection pool created earlier. Description enter text describing the DataSource (optional)

Click on OK to finish.

. Retrieving the DataSource

Retrieving an instance of a DataSource from an application server is simple and can be

accomplished using only a few lines of code using a portion of the JNDI API.

Java Naming Directory Interface (JNDI) is the Java standard API for accessingdirectories. A directory is a centralized location where Java applications can retrieveexternal resources using a logical name.

Additional details for JNDI and how it works is beyond the scope of this lesson. The onlything that we need to know is that application servers maintain a directory to which it

will publish the DataSource that we configured earlier. Our application can then performa simple name lookup on that directory to retrieve the resource.

For our purposes, it is enough for us to create a JNDI context using the defaultconstructor. This JNDI context abstracts the details of connecting to the directory,


11/17

making resource lookup as simple as calling a single method. Take note that the nameused to lookup the resource must be the same name used in configuring theDataSource.

...Context ctxt = null;DataSource ds = null;

try {// create an instance of the JNDI context to which we will perform lookupsctxt = new InitialContext();

// retrieve the DataSource from the directory using a logical name

ds = (DataSource)ctxt.lookup("jdbc/PostgreSQLDS");} catch (NamingException ne) {

System.err("Specified DataSource cannot be found");}

Once we have a valid DataSource instance, getting a Connection object is as simple as

Connection conn = ds.getConnection();

java.sql.Connection / java.sql.Statement

java.sql.Connection objects represent actual connections to the database. Once we havean instance of this object, we can create an instance of a Statement object, which we

can then use to perform SQL queries.

The Statement object provides a number of methods to execute SQL queries. The twomost used are:

executeQuery takes in SELECT statements and returns the result of theoperation as a ResultSet object.

executeUpdate takes in INSERT, UPDATE, or DELETE statements and returnsthe number of rows affected as an integer primitive.

Below is a piece of sample code outlining the procedure:


12/17

Context ctxt = null;

DataSource ds = null;Connection conn = null;

Statement stmt = null;ResultSet rs = null;

try {ctxt = new InitialContext();ds = (DataSource)ctxt.lookup("jdbc/PostgreSQLDS");conn = ds.getConnection();stmt = conn.createStatement();

rs = stmt.executeQuery("SELECT * FROM users");

} catch (NamingException e) {

System.err("Cannot find named datasource");} catch (SQLException se) {System.err("Error occurred while performing query");}

java.sql.ResultSet

A ResultSet object encapsulates the results of a query to the database. The data inside aResultSet object can best be visualized as a table. The information can then be retrieved

one row at a time, with the ResultSet object keeping track of which row is current.

To iterate over the rows exposed in the ResultSet, it provides us with a method called

next(). Calling the next() method moves the internal pointer the ResultSet object keepsto point to the next row. This method returns true if there is a next row to be found, andfalse if there are no more rows left.

while (rs.next()) {

//read data from current row here}

Figure 3: Sample of ResultSet iteration

To retrieve the data from each row, the ResultSet object provides us with a number ofget methods. There is a getString method for retrieving the data as a String, a getIntmethod for retrieving integer data, getBoolean for retrieving boolean data, etc. In allcases, these methods take in as a parameter either the column number of the column

containing the data, or the column name. It is recommended however, that names beused to specify a column to read from instead of a row number. This makes the

application easier to maintain, as it is possible that the column ordering might bechanged sometime after initial development.


13/17

Context ctxt = null;

DataSource ds = null;Connection conn = null;

Statement stmt = null;ResultSet rs = null;

try {ctxt = new InitialContext();ds = (DataSource)ctxt.lookup("jdbc/PostgreSQLDS");conn = ds.getConnection();stmt = conn.createStatement();


while (rs.next()) {

String userName = rs.getString("name");String address = rs.getString("address");int userID = rs.getInt("userid");

// perform operations on retrieved data here.}


System.err("Cannot find named datasource");} catch (SQLException se) {

System.err("Error occurred while performing query");}

Releasing system resources

One very important step that is often overlooked is the releasing of database resourcesafter an operation has been completed. This must be done explicitly and is theresponsibility of the programmer. Without performing such a release, the resourcestaken up by our operation can not be made use of in the future. For large-scale

applications, this can rapidly result in a loss of available connections.

The release of resources can be performed by calling on the close() methods availableon each of the Connection, Statement, and ResultSet objects. There is a specific orderinvolved, the ResultSet must be closed first, then the Statement, and finally the

Connection object. Since the close method in each of those objects is defined to throwan SQLException, enclose the call within a try-catch block.

A mistake that many developers make is to simply place the close methods within theprogram body. Here is an example:

Context ctxt = null;DataSource ds = null;

Connection conn = null;Statement stmt = null;

ResultSet rs = null;


14/17

try {ctxt = new InitialContext();

ds = (DataSource)ctxt.lookup("jdbc/PostgreSQLDS");conn = ds.getConnection();stmt = conn.createStatement();


while (rs.next()) {

String userName = rs.getString("name");String address = rs.getString("address");

int userID = rs.getInt("userid");

// perform operations on retrieved data here.

}

rs.close();

stmt.close();conn.close();


System.err("Cannot find named datasource");} catch (SQLException se) {System.err("Error occurred while performing query");}

The problem with this approach is that it only addresses success conditions. On caseswhere an exception has occurred within the code, the system resources will still not beproperly released. A better way of doing this would be to place the release code within afinallyclause, to ensure that it happens no matter what.

A proper example is presented below:

Context ctxt = null;DataSource ds = null;Connection conn = null;Statement stmt = null;

ResultSet rs = null;

try {ctxt = new InitialContext();

ds = (DataSource)ctxt.lookup("jdbc/PostgreSQLDS");conn = ds.getConnection();stmt = conn.createStatement();


while (rs.next()) {String userName = rs.getString("name");

String address = rs.getString("address");


15/17

int userID = rs.getInt("userid");

// perform operations on retrieved data here.

}

} catch (NamingException e) {System.err("Cannot find named datasource");

} catch (SQLException se) {System.err("Error occurred while performing query");

} finally {

try {if (rs != null) {

rs.close();}

} catch (SQLException e) {}

try {if (stmt != null) {

stmt.close();}


try {if (conn != null) {

conn.close();}


}

The checks for null are necessary just in case an error condition occurred before one ormore of the objects have been given proper instances. Each close method should also bein a separate try-catch clause to ensure that an error caused in an attempt to close oneobject does not skip on the attempt to close the others.

Summary

Obtain a Connection object either by using the DriverManager or by obtaining itfrom a DataSource object (recommended).

Create a Statement object using the createStatement() method available in the

Connection object. Perform SQL queries using the Statement object and retrieve the results If the result of a query is a ResultSet object, iterate over the rows by repeatedly

calling the next method while retrieving the data in each row. close all database related objects.

EXERCISE

1) Consider the following table:USERS

useridgend

erfirstname lastname login password


16/17

14627895 M Jose Saraza jsaraza Asdfrewq167

65248987 M Rosario Antonio rantonio qwer4679

52317568 F Milagros Paguntalan mpaguntalan ukelllll3

72324489 M Frank Masipiquena fmasipiquenaDf23efzsxf234

1

1) Create the necessary SQL statements that will perform the followinga) Retrieve all male users.b) Retrieve all users with a first name starting with F.c) Change the login name for the entry with a userid of 65248987 into rtonio.

d) Delete all female entries.e) Insert the following entry into the table:

userid gender firstname lastname login password

69257824 F Anne Sacramento asacramento k1lasdoj24f

2) Create a LoginHandler class. It must contain a method with the following signature:

public boolean isUserAuthorized(String loginName, String password)Inside the method body, create an implementation that would connect to the sample

database, and check against the users table whether an entry exists that has the samelogin and password as given in the parameters. Use the DriverManager class to obtain a

connection to the database.

3) Create a servlet named UserEntryServlet that will service the following form:

User ID:

First name

Last name

Login name

Password


17/17

Using the values given in the form, insert a new entry into the users table in the

sample database. To connect to the database, configure the Application Server tohandle a datasource.

4) Create a servlet named UserRemovalServlet that will expect a parameter named"userID". Delete the entry in the database corresponding to that entry.

MELJUN_CORTES_JEDI CourseNotes-Web Programming-Lesson5-SQL and JDBC

Documents

Transcript of MELJUN_CORTES_JEDI CourseNotes-Web Programming-Lesson5-SQL and JDBC