PreparedStatement, CallableStatement, and ResultSet
In advanced Java, managing database interactions is a crucial task. The JDBC (Java Database Connectivity) API provides various classes that simplify interacting with databases. Three important classes in JDBC are PreparedStatement
, CallableStatement
, and ResultSet
, which allow developers to execute SQL queries, call stored procedures, and handle results efficiently. In this article, we will explore these classes and demonstrate their use through examples.
1. Introduction to PreparedStatement
The PreparedStatement
is an extension of the Statement
interface in JDBC. It is used to execute precompiled SQL queries with or without input parameters. Prepared statements help prevent SQL injection attacks and improve performance when executing the same query multiple times with different parameters.
Example: Using PreparedStatement for SQL Queries
import java.sql.*;
public class PreparedStatementExample {
public static void main(String[] args) {
String url = "jdbc:mysql://localhost:3306/yourdatabase";
String user = "root";
String password = "password";
Connection conn = null;
PreparedStatement pstmt = null;
ResultSet rs = null;
try {
// Establish the connection
conn = DriverManager.getConnection(url, user, password);
// Create the SQL query
String sql = "SELECT * FROM employees WHERE salary > ?";
pstmt = conn.prepareStatement(sql);
// Set the parameter for salary
pstmt.setDouble(1, 50000.0);
// Execute the query
rs = pstmt.executeQuery();
// Process the result set
while (rs.next()) {
int id = rs.getInt("id");
String name = rs.getString("name");
double salary = rs.getDouble("salary");
System.out.println(id + ", " + name + ", " + salary);
}
} catch (SQLException e) {
e.printStackTrace();
} finally {
try {
if (rs != null) rs.close();
if (pstmt != null) pstmt.close();
if (conn != null) conn.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}
}
In this example, we use PreparedStatement
to execute a query that selects employees with a salary greater than a specified value. The query is precompiled, and the parameter is set using setDouble()
to insert the salary value safely into the SQL query.
2. Introduction to CallableStatement
The CallableStatement
interface is used to execute SQL stored procedures. It allows you to call stored procedures that may have input and output parameters. This is especially useful for executing complex SQL queries or database logic encapsulated in stored procedures.
Example: Using CallableStatement to Call a Stored Procedure
import java.sql.*;
public class CallableStatementExample {
public static void main(String[] args) {
String url = "jdbc:mysql://localhost:3306/yourdatabase";
String user = "root";
String password = "password";
Connection conn = null;
CallableStatement cstmt = null;
try {
// Establish the connection
conn = DriverManager.getConnection(url, user, password);
// Create the SQL query to call a stored procedure
String sql = "{CALL getEmployeeById(?)}";
cstmt = conn.prepareCall(sql);
// Set the input parameter (employee ID)
cstmt.setInt(1, 1);
// Execute the stored procedure
ResultSet rs = cstmt.executeQuery();
// Process the result set
while (rs.next()) {
int id = rs.getInt("id");
String name = rs.getString("name");
double salary = rs.getDouble("salary");
System.out.println(id + ", " + name + ", " + salary);
}
} catch (SQLException e) {
e.printStackTrace();
} finally {
try {
if (cstmt != null) cstmt.close();
if (conn != null) conn.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}
}
In this example, we use CallableStatement
to call a stored procedure named getEmployeeById
which retrieves an employee's details based on their ID. The input parameter (employee ID) is set using setInt()
and passed to the stored procedure.
3. Introduction to ResultSet
The ResultSet
object is used to store the results of a query. It provides methods for retrieving data from the result set, such as getString()
, getInt()
, getDouble()
, etc. The result set is a cursor that points to the current row of the results, and you can iterate through the rows using methods like next()
.
Example: Using ResultSet to Retrieve Data
import java.sql.*;
public class ResultSetExample {
public static void main(String[] args) {
String url = "jdbc:mysql://localhost:3306/yourdatabase";
String user = "root";
String password = "password";
Connection conn = null;
Statement stmt = null;
ResultSet rs = null;
try {
// Establish the connection
conn = DriverManager.getConnection(url, user, password);
// Create the SQL statement
String sql = "SELECT * FROM employees";
stmt = conn.createStatement();
// Execute the query
rs = stmt.executeQuery(sql);
// Process the result set
while (rs.next()) {
int id = rs.getInt("id");
String name = rs.getString("name");
double salary = rs.getDouble("salary");
System.out.println(id + ", " + name + ", " + salary);
}
} catch (SQLException e) {
e.printStackTrace();
} finally {
try {
if (rs != null) rs.close();
if (stmt != null) stmt.close();
if (conn != null) conn.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}
}
In this example, we use ResultSet
to retrieve data from the employees
table. We execute a simple SQL query, and then iterate over the result set using next()
to print each employee's details.
4. Summary of Differences
Here’s a quick summary of the differences between PreparedStatement
, CallableStatement
, and ResultSet
:
PreparedStatement
is used for executing precompiled SQL queries with or without input parameters. It helps prevent SQL injection and is more efficient for repeated executions of the same query with different parameters.CallableStatement
is used to execute stored procedures. It can handle both input and output parameters and is ideal for executing complex SQL logic that is stored within the database.ResultSet
is used to store and navigate the results of a query. It allows retrieving data from the result set row by row and provides methods to access different types of data.
5. Conclusion
In this article, we have explored the usage of PreparedStatement
, CallableStatement
, and ResultSet
in advanced Java for database interaction. These JDBC components play a key role in executing SQL queries, calling stored procedures, and managing the result sets. Understanding how to use these classes effectively will allow you to write efficient, secure, and maintainable database code in Java applications.