JDBC Flashcards

1
Q

What is JDBC?

A

Java Database Connectivity (JDBC).

JDBC helps you write Java applications that manage these three programming activities:

  • Connect to a data source, like a database.
  • Send queries and update statements to the database.
  • Retrieve and process the results received from the database in answer to your query.

2
Q

What are the core interfaces / classes in JDBC?

A
  • DriverManager (Class)
    - manages the JDBC driver
    - .getConnection() method
  • Connection (Interface)
    - represents the connection to your database
    - createStatement()/prepareStatement()
    - close()
  • Statement (Interface)
    - represents a SQL statement
    - .executeQuery()
    - vulnerable to SQL injection
  • PreparedStatement (Interface)
    - represents a SQL statement that has been preprocessed and prevents SQL injection
    - use methods to set fields
  • ResultSet (Interface)
    - represents the result of a query
3
Q

What is a stored procedure and how would you call it in Java?

A

A stored procedure is Java code in a method with signature public static void procedureMethod. The stored procedure is created and stored in the Java DB database as a database object.

The procedure is invoked (or called) using a SQL command, or from a Java program using the JDBC API.

4
Q

What is the difference between Statement and PreparedStatement?

A

Statement is used for executing static SQL statements and it can’t accept input parameters.

PreparedStatement is used for executing SQL statements many times dynamically. It accepts input parameters.

5
Q

What are the steps to execute an SQL query using JDBC?

A
  1. Establish a connection.
  2. Create a statement.
  3. Execute the query.
  4. Process the ResultSet object.
  5. Close the connection.
6
Q

What is SQL Injection?

A

SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed.

This information may include any number of items, including sensitive company data, user lists, or private customer details.
