5. Курс по Java, 2016
CRUD
test=# INSERT INTO items (name) VALUES ('First Item');
INSERT 0 1
test=# SELECT * FROM items;
id | name
----+------------
1 | First Item
(1 row)
6. Курс по Java, 2016
CRUD
test=# UPDATE items
SET name = 'First Item Updated'
WHERE id = 1;
UPDATE 1
test=# SELECT * FROM items;
id | name
----+--------------------
1 | First Item Updated
(1 row)
7. Курс по Java, 2016
CRUD
test=# DELETE FROM items WHERE id = 1;
DELETE 1
test=# SELECT * FROM items;
id | name
----+------
(0 rows)
8. Курс по Java, 2016
JDBC
Java DataBase Connectivity
java.sql.*
9. Курс по Java, 2016
PostgreSQL Driver
<dependencies>
<!-- PostgreSQL JDBC driver (pgjdbc), resolved by Maven.
     NOTE(review): 9.4.1208 is presumably the release that was current when
     these slides were written (2016). For real projects pin a currently
     supported driver release and follow the driver's security advisories. -->
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>9.4.1208</version>
</dependency>
</dependencies>
10. Курс по Java, 2016
Загрузить драйвер
// Loads the driver class by name so that it registers itself with DriverManager.
// JDBC 4.0+ drivers found on the classpath are discovered automatically, so
// this explicit call is usually optional with a current driver.
Class.forName("org.postgresql.Driver");
11. Курс по Java, 2016
Подключиться к БД
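// Demo-only settings for a database on the local machine.
// NOTE(review): "postgres" is normally the PostgreSQL superuser role, and the
// password here equals the user name. Outside a throwaway local setup, read
// the credentials from configuration (not source code) and connect as a role
// that holds only the privileges the application needs.
String url = "jdbc:postgresql://localhost/test";
String username = "postgres";
String password = "postgres";
// try-with-resources closes the connection even when the work inside throws;
// a trailing connection.close() is skipped on an exception and leaks the
// connection.
try (Connection connection =
             DriverManager.getConnection(url, username, password)) {
    // do something
}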
12. Курс по Java, 2016
Выборка
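// Reads every row of items and prints "id<TAB>name" for each one.
// A plain Statement is acceptable here only because the query text is a
// constant with no external input in it.
// try-with-resources closes the ResultSet and then the Statement even if
// next() or a getter throws; explicit close() calls at the end are skipped
// on an exception.
try (Statement statement = connection.createStatement();
     // Explicit column list: the positional getters below no longer depend
     // on the physical column order of the table.
     ResultSet resultSet =
             statement.executeQuery("SELECT id, name FROM items")) {
    while (resultSet.next()) {
        // "\t" separates the two columns (the slide text had lost the
        // backslash and printed a literal "t").
        System.out.println(
                String.format("%s\t%s",
                        resultSet.getInt(1),
                        resultSet.getString(2)));
    }
}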
13. Курс по Java, 2016
Вставка
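// Inserts one row. The name travels to the server as a bound parameter, so
// its content is never parsed as SQL.
// try-with-resources closes the statement even if binding or execution fails.
try (PreparedStatement statement =
             connection.prepareStatement(
                     "INSERT INTO items (name) VALUES (?)")) {
    statement.setString(1,
            String.format("New Item at %s", new java.util.Date()));
    // executeUpdate() is the call intended for INSERT/UPDATE/DELETE and
    // returns the number of affected rows.
    statement.executeUpdate();
}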
14. Курс по Java, 2016
Обновление
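// Renames the row with the given id. Both the new name and the id are bound
// parameters (1-based indexes, in the order of the "?" placeholders).
// try-with-resources closes the statement even if binding or execution fails.
try (PreparedStatement statement = connection.prepareStatement(
        "UPDATE items SET name = ? WHERE id = ?")) {
    statement.setString(1, "Item Name");
    statement.setInt(2, 42);
    // Returns the number of updated rows; 0 means no row had this id.
    statement.executeUpdate();
}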
15. Курс по Java, 2016
Удаление
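// Deletes the row with the given id; the id is a bound parameter.
// The WHERE clause is what limits the delete to a single row.
// try-with-resources closes the statement even if binding or execution fails.
try (PreparedStatement statement = connection.prepareStatement(
        "DELETE FROM items WHERE id = ?")) {
    statement.setInt(1, 42);
    // Returns the number of deleted rows; 0 means no row had this id.
    statement.executeUpdate();
}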
16. Курс по Java, 2016
SQL-инъекция
// VULNERABLE PATTERN, shown on purpose: the SQL text is built by string
// concatenation, so the content of `value` becomes part of the statement the
// server parses. It only looks harmless here because `value` is a fixed
// literal without quote characters.
// Mitigation: keep the SQL text constant and pass the value through a
// PreparedStatement placeholder ("?") with setString().
Statement statement = connection.createStatement();
String value = "New Item";
statement.execute(
"INSERT INTO items (name) VALUES ('" + value + "')");
statement.close();
17. Курс по Java, 2016
SQL-инъекция
// Same concatenation as on the previous slide, but `value` now stands in for
// input that the application does not control.
// The quote and parenthesis at the start of `value` end the string literal and
// the VALUES list early, so the text sent to the server is no longer a single
// INSERT: it also contains a DROP TABLE statement.
// Defences: bind the value with a PreparedStatement placeholder so it is
// always treated as data, and connect as a database role that has no DDL
// rights on the application's tables, which limits the damage if a
// concatenated query slips through review.
Statement statement = connection.createStatement();
String value = "'); DROP TABLE items; SELECT ('1";
statement.execute(
"INSERT INTO items (name) VALUES ('" + value + "')");
statement.close();
18. Курс по Java, 2016
PreparedStatement
// The fix for the concatenation shown on the two preceding slides: the SQL
// text is a constant and "?" marks where the value goes. The value is supplied
// separately (statement.setString(1, value)) and is handled as data, so quote
// characters in it cannot change the structure of the statement.
// Placeholders stand for values only; table and column names cannot be bound
// and, if they must vary, have to be checked against a fixed allow-list.
PreparedStatement statement =
connection.prepareStatement(
"INSERT INTO items (name) VALUES (?)");
19. Курс по Java, 2016
AutoCloseable
// Connection, PreparedStatement and ResultSet all implement AutoCloseable.
// Each try-with-resources block closes its resource when the block is left,
// normally or through an exception, innermost resource first, so no explicit
// close() calls are needed and nothing leaks on the error path.
try (Connection connection =
dataSource.getConnection()) {
try (PreparedStatement statement =
connection.prepareStatement(
"SELECT id, name FROM items")) {
try (ResultSet resultSet =
statement.executeQuery()) {
while (resultSet.next()) {
...
}
}
}
// A single handler covers failures from connecting, preparing, executing and
// closing. (The handler body is not shown on the slide.)
} catch (SQLException e) {
20. Курс по Java, 2016
PostgreSQL в Tomcat
cp postgresql.jar $CATALINA_HOME/lib
21. Курс по Java, 2016
context.xml
<Context>
<!-- Container-managed connection pool, published to the application under
     the JNDI name jdbc/db.
     NOTE(review): the pool logs in as "postgres" (normally the PostgreSQL
     superuser role) with a password equal to the user name. That is only
     acceptable for a local demo: use a dedicated role limited to the
     privileges the application needs, a strong password, and keep this
     file out of version control or supply the secret from the deployment
     environment.
     maxWaitMillis="-1" makes a request wait without limit for a free
     connection once all 20 are in use; a finite timeout keeps pool
     exhaustion from tying up every request thread. -->
<Resource name="jdbc/db" auth="Container"
type="javax.sql.DataSource"
driverClassName="org.postgresql.Driver"
url="jdbc:postgresql://localhost/test"
username="postgres" password="postgres"
maxTotal="20" maxIdle="10"
maxWaitMillis="-1"/>
</Context>
22. Курс по Java, 2016
web.xml
<!-- Declares that the web application uses the container-provided DataSource.
     res-ref-name (jdbc/db) matches the Resource name in context.xml, and
     res-auth=Container means the container, not the application code,
     supplies the database credentials. -->
<resource-ref>
<description>Main DataSource</description>
<res-ref-name>jdbc/db</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
23. Курс по Java, 2016
JNDI
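// Looks up the container-managed DataSource declared as jdbc/db.
// Naming failures are rethrown as ServletException.
Context context = null;
DataSource dataSource;
try {
    context = new InitialContext();
    dataSource = (DataSource) context.lookup(
            "java:/comp/env/jdbc/db");
} catch (NamingException e) {
    throw new ServletException(e);
} finally {
    // context is still null when the InitialContext constructor itself threw;
    // without this guard close() would raise a NullPointerException that
    // replaces the ServletException carrying the real cause.
    if (context != null) {
        try {
            context.close();
        } catch (NamingException e) {
            throw new ServletException(e);
        }
    }
}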
24. Курс по Java, 2016
DataSource
// Borrows a connection from the container's pool; leaving the try block
// closes it, which hands a pooled connection back instead of dropping it.
try (Connection connection = dataSource.getConnection()) {
// do something with Connection
} catch (SQLException e) {
// NOTE(review): the wrapped SQLException can end up on the container's default
// error page together with SQL text and schema details. Log it server-side
// and configure a generic error page for clients.
throw new ServletException(e);
}
25. Курс по Java, 2016
Домашнее задание
Поиграть с JDBC
Сделать веб-приложение со вставкой в БД и чтением из БД. Берём две
таблицы: автор (ФИО) и книга (название, автор, год издания)
Пример: https://github.com/gelin/jdbc-sample