Post

Executing SQL queries using JDBC statements

Posted
By Alexander Chuev
4 min read

Introduction

Executing SQL queries is a fundamental task in Java applications that interact with databases. Java Database Connectivity (JDBC) provides a flexible and standardized API for executing SQL statements against various relational database management systems (RDBMS). This article explores the process of executing SQL queries using JDBC statements, covering essential concepts, methods, examples, and best practices.

Overview of JDBC Statements

JDBC statements allow Java applications to send SQL queries and updates to the database. There are three main types of JDBC statements:

  1. Statement
    Used for executing simple SQL queries without parameters.
  2. PreparedStatement
    Extends Statement and provides support for precompiled SQL queries with parameters, enhancing performance and security.
  3. CallableStatement
    Used for executing stored procedures in the database.

Steps to Execute SQL Queries

1. Establish a Database Connection

Before executing SQL queries, establish a connection to the database as discussed in the previous article Establishing a Connection to a Database.

1
2
3
4
5
6
7
8
9
10

String url = "jdbc:mysql://localhost:3306/mydatabase";
String user = "username";
String password = "password";

try (Connection conn = DriverManager.getConnection(url, user, password)) {
    // Connection established
    // Proceed to execute SQL queries...
} catch (SQLException e) {
    e.printStackTrace();
}

2. Create a JDBC Statement

Depending on the complexity of your SQL query and whether it requires parameters, choose the appropriate JDBC statement:

  • Statement: For simple SQL queries without parameters.
  • PreparedStatement: For SQL queries with parameters.
  • CallableStatement: For executing stored procedures.

Here’s how you can create different types of statements:

1
2
3
4
5
6
7
8
9
10
11
12

// Create a Statement
Statement stmt = conn.createStatement();

// Create a PreparedStatement with parameters
String sql = "SELECT * FROM users WHERE username = ?";
PreparedStatement pstmt = conn.prepareStatement(sql);
pstmt.setString(1, "john.doe");

// Create a CallableStatement for stored procedures
String sqlProcedure = "{call get_user_by_id(?)}";
CallableStatement cstmt = conn.prepareCall(sqlProcedure);
cstmt.setInt(1, 123);

3. Execute SQL Queries

Use the appropriate method (execute, executeQuery, executeUpdate) on the statement object to execute SQL queries:

  • executeQuery(String sql)
    Executes a SELECT query and returns a ResultSet object containing the query results.
  • executeUpdate(String sql)
    Executes INSERT, UPDATE, DELETE, or DDL statements and returns the number of affected rows.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

// Execute a SELECT query
String selectQuery = "SELECT * FROM users";
try (ResultSet rs = stmt.executeQuery(selectQuery)) {
    // Process the ResultSet
    while (rs.next()) {
        int id = rs.getInt("id");
        String username = rs.getString("username");
        // Handle retrieved data...
    }
} catch (SQLException e) {
    e.printStackTrace();
}

// Execute an INSERT statement
String insertQuery = "INSERT INTO users (username, password) VALUES (?, ?)";
try {
    pstmt.setString(1, "jane.doe");
    pstmt.setString(2, "password123");
    int rowsInserted = pstmt.executeUpdate();
    if (rowsInserted > 0) {
        System.out.println("A new user was inserted successfully!");
    }
} catch (SQLException e) {
    e.printStackTrace();
}

// Execute a stored procedure
String procedureCall = "{call get_user_by_id(?)}";
try {
    cstmt.setInt(1, 456);
    ResultSet rs = cstmt.executeQuery();
    // Process the ResultSet from the stored procedure call
    while (rs.next()) {
        int userId = rs.getInt("id");
        String username = rs.getString("username");
        // Handle retrieved data from the stored procedure...
    }
} catch (SQLException e) {
    e.printStackTrace();
}

4. Handle Exceptions and Cleanup Resources

Always wrap JDBC operations in try-catch blocks to handle SQLException and ensure proper cleanup of resources (ResultSet, Statement, Connection):

1
2
3
4
5
6
7
8
9
10
11
12
13
14

try {
    // Execute SQL queries here...
} catch (SQLException e) {
    e.printStackTrace();
} finally {
    // Close resources in a finally block or use try-with-resources
    try {
        if (rs != null) rs.close();
        if (stmt != null) stmt.close();
        if (conn != null) conn.close();
    } catch (SQLException e) {
        e.printStackTrace();
    }
}

Best Practices

  • Use PreparedStatement
    Prefer PreparedStatement over Statement for SQL queries with parameters to prevent SQL injection attacks and improve performance.
  • Avoid Concatenating SQL Strings
    Instead, use parameters (?) in SQL queries to improve readability, security, and performance.
  • Close Resources Properly
    Always close ResultSet, Statement, and Connection objects properly to release database resources and avoid memory leaks.

Conclusion

Executing SQL queries using JDBC statements is a fundamental aspect of building Java applications that interact with databases. By understanding the different types of JDBC statements (Statement, PreparedStatement, CallableStatement) and their respective methods (executeQuery, executeUpdate, execute), developers can effectively retrieve and manipulate data stored in relational databases. Adhering to best practices ensures secure, efficient, and reliable database interactions, contributing to robust and scalable Java applications that meet business requirements effectively.

jdbc
Java JDBC
© 2024 Java Tutorial Online. All rights reserved.