Home/ Questions/Q 1073045
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T20:56:25+00:00

Started coming up with a java web app for online user interaction. Decided to

  • 0

Started coming up with a java web app for online user interaction. Decided to use a MySql DB for data storage. I have already created the tables with the proper/expected data types. My question is I always thought the next step would be to creat stored procedures like Search/Add/Delete/etc.. that the user could envoke from the page. So in my java code I could just call the procedure ex:

CallableStatement cs;
Try 
{
  String outParam = cs.getString(1);     // OUT parameter

  // Call a procedure with one in and out parameter
  cs = connection.prepareCall("{call SearchIt(?)}");
  cs.registerOutParameter(1, Types.VARCHAR);
  cs.setString(1, "a string");
  cs.execute();
  outParam = cs.getString(1);    
}
catch (SQLException e) {
}

but if my application was not in the need for stored procedures because the user actions would be simple enough to execute simple tedious queries. How could I set up my Java and Sql code to handle that. Could I just have the “Select” or “Update” statements in my code to manipulate the data in my MySQL DB. If so how would that syntax look like?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This URL has documentation on using prepared statements which is what you want to use to avoid security flaws (SQL Injection and such).

    http://download.oracle.com/javase/tutorial/jdbc/basics/prepared.html

    here’s an example from that page

    PreparedStatement updateSales = connection.prepareStatement(
        "UPDATE COFFEES SET SALES = ? WHERE COF_NAME LIKE ? ");
updateSales.setInt(1, 75); 
updateSales.setString(2, "Colombian"); 
updateSales.executeUpdate():
    • 0