JDBC & SQL injections

11 Terms

1

JDBC

Java API that provides a standard way for Java applications to interact with databases.

2

Main components of JDBC

  • JDBC API

  • JDBC Driver

3

JDBC API

  • Written 100% in pure Java

  • Independent of platform, vendor and DBMS

4

JDBC Driver

  • Implementation of the API interface

  • Responsible for communication with the database

  • Dependent on used DBMS

5

JDBC general architecture

  • Java application uses API

  • API uses driver

  • Driver communicates with DB

6

Basic steps when working with JDBC

  1. Load the driver

  2. Define a connection URL

  3. Establish connection

  4. Create a statement

  5. Execute a statement

  6. Process the results

  7. Close the connection

7

Types of SQL statements

  • Statement

  • Prepared statement

  • Callable statement

8

Normal statement

  • SQL is built using string manipulation in the application

  • Each execution sends the full SQL string to the DBMS

  • The DBMS must check, parse, execute and optimise the code every time

  • Slower execution

9

Prepared statement

  • SQL is parameterized and sent to the DBMS once

  • The DBMS checks, parses, executes and optimises the statement only once

  • Repeated executions only send parameter values

  • Higher performance

10

SQL injections

  • Code injection technique that can break the database

  • Occurs when you use normal statements and ask the user for input

11

How to avoid SQL injections

  • Use prepared statements

  • Use input sanitization functions