Is there any way to call SQL Function during updateXXX method in ResultSet of type ResultSet.TYPE_FORWARD_ONLY, ResultSet.CONCUR_UPDATABLE.
For example look at this code fragment:
stmt = con.createStatement(ResultSet.TYPE_FORWARD_ONLY, ResultSet.CONCUR_UPDATABLE);
rs = stmt.executeQuery(query);
while (rs.next()) {
rs.updateTimestamp("status_time", "NOW()"); // call some SQL function during update
rs.updateRow();
}
Is there any way to update value such way? The above example ofcourse don't work.
You can't do that. These methods are for setting actual values, not for executing SQL functions.
Related
I am wondering, how do I close an executeUpdate statement in JAVA(JDBC)?
For example:
String sql = "UPDATE. .. . .. Whatever...";
ResultSet rs = stmt.executeQuery(sql);
rs.close();
But I couldn't do this to update. So I googled and found out that I need to use executeUpdate but how do I close the statement after?
String sql = "UPDATE. .. . .. Whatever...";
int rs = stmt.executeUpdate(sql);
rs.close(); ??? <------
You don't close the executeUpdate, you close the Statement:
rs.close(); // Closes the ResultSet
stmt.close(); // Closes the Statement
Usually best to do that with a try-with-resources statement:
String sql = "UPDATE. .. . .. Whatever...";
try (
Statement stmt = conn.createStatement();
ResultSet rs = stmt.executeQuery(sql);
) {
// Process results
}
try-with-resources will close both the Statement and the ResultSet for you. It was added in Java 7 (in 2011).
Side note: You've shown that you're using Statement and calling executeUpdate(String). That's fine as long as there's no externally-sourced information in the SQL (nothing you've received from user input or another system, etc.). In the more common case, though, you'd want to use a PreparedStatement, call setXyz to set parameters, and then call executeUpdate() (the zero-args version). This habit keeps you safe from SQL injection. More explanation and examples on this useful site: http://bobby-tables.com/.
Most of the times when you are updating a table you don't get a ResultSet as the result, So no need to close the ResultSet.
Just close the Statement.
I am using Java for my application and Oracle database in the back-end
ResultSet GetCar()
{
CallableStatement cs;
ResultSet rs;
try{
//conn = dbConnector.getConnection();
conn = dbConnection.getStaticConnection();
cs = conn.prepareCall("begin select_all_car(?); end;",
ResultSet.TYPE_SCROLL_SENSITIVE, ResultSet.CONCUR_READ_ONLY);
cs.registerOutParameter(1, OracleTypes.CURSOR);
cs.execute();
rs = ((OracleCallableStatement)cs).getCursor(1);
return rs;
}
}
void foo()
{
ResultSet rs = GetCar();
rs.beforeFirst();
}
In foo rs.beforeFirst is giving me this error: "Invalid operation for forward only resultset : beforeFirst"
And this is my query for ORACLE database:
CREATE OR REPLACE PROCEDURE
SELECT_ALL_CAR
(
pCar_Recordset OUT SYS_REFCURSOR
)
AS
BEGIN
OPEN pCar_Recordset FOR
SELECT ID, MANUFACTURER, MAKE, YEAR, MODEL
FROM CAR
ORDER BY ID;
END SELECT_ALL_CAR;
what am I doing wrong? is it oracle cursor? how can I make my resultset scrollable?
As #Przemyslaw pointed out you could use a PreparedStatement to call your stored procedure (no need to move your implementation to the front end, and your front end should not be making SQL calls directly anyway) you can define an ad hoc procedure call to then call your existing (packaged right?) stored procedures. If that isn't acceptable, you can create a view (or a materialized view) and query from that instead.
I need to execute this SQL code:
exec procedure(param, param, param, param)
select * from bla_bla_table;
commit;
And get a ResultList from this query.
I tried to do it like this:
CallableStatement stmt = connection.prepareCall("{call procedure(param,param,param,param)}");
stmt.execute();
How can I insert sql statement select * from bla_bla_table; here before commit to get the ResultSet. I tried a lot of ways to do that... but nothing helps.
Did you try this?
connection.setAutoCommit(false); // Disable Auto Commit
CallableStatement stmt = connection.prepareCall("{call procedure(param,param,param,param)}");
stmt.execute();
Statement stmt2 = connection.createStatement();
ResultSet rs = stmt2.executeQuery("select * from bla_bla_table"); // Result set for Query
connection.commit();
Add this code after the execution of your code.
PreparedStatement prep = connection.prepareStatement(string);
ResultSet rs = prep.executeQuery();
// now iterate the resultset.
Before everything you should make sure that you run a transaction by setting the autocommit option of the connection to false.
connection.setAutoCommit(false);
String poster = "user";
Statement stmt = con.createStatement();
ResultSet rs = stmt.executeQuery("SELECT * FROM `prices` WHERE `poster`="+poster);
This does not work.Any tips or tricks would be appreciated.
Try surrounding the poster variable with single quotes, like this:
ResultSet rs = stmt.executeQuery("SELECT * FROM `prices` WHERE `poster`='"+poster+"'");
That's because SQL expects strings to be surrounded by single quotes. An even better alternative would be to use prepared statements:
PreparedStatement stmt = con.prepareStatement("SELECT * FROM `prices` WHERE `poster` = ?");
stmt.setString(1, poster);
ResultSet rs = stmt.executeQuery();
It's recommended using PreparedStatement since the way you are currently building the query (by concatenating strings) makes it easy for an attacker to inject arbitrary SQL code in a query, a security threat known as a SQL injection.
1) In general, to "parameterize" your query (or update), you'd use JDBC "prepared statements":
http://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html
2) In your case, however, I think all you need to do is add quotes (and lose the back-quotes):
// This is fine: no back-quotes needed
ResultSet rs = stmt.executeQuery("SELECT * FROM prices");
// Since the value for "poster" is a string, you need to quote it:
String poster = "user";
Statement stmt = con.createStatement();
ResultSet rs =
stmt.executeQuery("SELECT * FROM prices WHERE poster='" + poster + "'");
The Statement interface only lets you execute a simple SQL statement with no parameters. You need to use a PreparedStatement instead.
PreparedStatement pstmt = con.prepareStatement("
select * from
prices where
poster = ?");
pstmt.setString(1, poster);
ResultSet results = ps.executeQuery();
I want to capture the cost numbers from the query plan you get when you 'Explain' a query. Is there any way to get at this data inside of a Java ResultSet(or similar object)?
Sure, just run it as a regular statement:
Statement stmt = connection.createStatement();
ResultSet rs = stmt.executeQuery("explain analyze select * from foo");
while (rs.next())
{
System.out.println(rs.getString(1));
}
In addition to the answer supplied above, I would suggest that you make use of the ability to format EXPLAIN plans as XML in PostgreSQL 9.0 and later.
EXPLAIN ( analyze on, format xml ) SELECT ...
This will give you explain output you can more easily work with in Java by manipulating it as XML.
An other example with PreparedStatement, this time.
Like this:
PreparedStatement preparedStatement = connection.prepareStatement("EXPLAIN (ANALYZE true , VERBOSE true , BUFFERS true)" +
"SELECT * FROM Table");
ResultSet resultSet = preparedStatement.executeQuery();
while (resultSet.next()) {
System.out.println(resultSet.getString(1));
}
Or with a bind parameter:
PreparedStatement preparedStatement = connection.prepareStatement("EXPLAIN (ANALYZE true , VERBOSE true , BUFFERS true)" +
"SELECT * FROM Player WHERE id = ?");
preparedStatement.setLong(1, 1);
ResultSet resultSet = preparedStatement.executeQuery();
while (resultSet.next()) {
System.out.println(resultSet.getString(1));
}