Arlon's CSUMB Intro to Database Systems CST-363 Module 4 Learning Journal #4/#20 for the week Wed 05/19-Tues 05/25, year 2021

-

Arlon's CSUMB Intro to Database Systems CST-363 Module 4 Learning Journal #4/#20 for the week Wed 05/19-Tues 05/25, year 2021

Prompt for week 4:

  1. When coding a Java program that will perform a SELECT statement that return multiple rows, what are the steps needed? The first is to make a connection to the database and the last is close the connection. What are the other steps? 
    1. // Write the query as a string in MySQL
String sql_query_string="SELECT * FROM `everything` 
	 where name like ?; -- (etc.)";

    2. // Make a prepared statement with the string
PreparedStatement preparedStatement =  connection.prepareStatement(
		sql_query_string);

    3. // Replace the ?'s in the prepared statement with setString() and setInt()
preparedStatement.setString(1, name.trim()+"%");
    4. // Execute the query with MySQL:
ResultSet resultSet=preparedStatement.executeQuery();
    5. // Iterate the rows, get each column: 
while (resultSet.next()) {
	// Row details accessible here with ints like 1,2,3 1st, 
	// 2nd, 3rd columns in that row:
	String a=resultSet.getString(1), b=resultSet.getString(2), 
			c= resultSet.getInt(3); 
			// each row is here, columns are 
			// 1, 2, 3 - like: 
			// resultSet.getString(1) <-2,3 etc.
}
    6. And if you want you can extrapolate all that and put it all in an ArrayList of HashMaps<String, String> 's like our group did. (I'll keep our algorithm secret.)
  2. What is a parameterized SQL statement? That's where it has ?'s instead of actual parameters - so java automatically filters the input to filter for all kinds of injection attacks.
  3. Do a google search for "SQL injection attack". What is an "injection attack" and how do parameterized statements help to prevent such security attacks?

    Mysql injection attacks are when a hacker puts executing code into an innocent form in order to exploit lack of validation and see results the programmer didn't intend anyone to see, which could likely be a security breach. The way it works is the java somehow filters the input when it replaces the ?'s with what the input will be. That way injection attacks are much less likely. Known attacks are filtered out. One I saw from my google search was just putting two dashes -- in a form - that (in the past) made the end of the query get commented out ( that would never work now it would just choke things ) but it shows how simple attacks could be if an attacker knew what to put in. Anyways parameterized statements filter out input so that can't happen as much, if parameterized statements are used to build the website.

Actual Journal Notes:

I thought it was funny I had to look up what 'fill a prescription' means...

I really like the ajaxy feel of dev in Spring Boot - not just the interface of what your program gets but how the interface of the program to built it works, too. I built it in Notepad++ of course and then to update the site it's literally one click on eclipse and it refreshes what I just did, and you don't even need to refresh the web page because it's what the page will request that matters and it's ready after one single click - pretty awesome - so amazing how it auto-reloads even if you save in another editor. They put some real thought behind this system, whoever made it. It works really good. I don't hate it, and that says a lot for a big framework like that. I don't know exactly how do deploy - for two reasons - how to get it hosting to port 80 - and how to port forward through multiple routers - I already talked the second one several times.

I liked how the assignment gave us object binding at the beginning and parameter passing for the second two and the extrapolation prompted by the sequence of questions landing us at 

private java.util.ArrayList<java.util.HashMap<String,String>> arrayMapResultSQLTableGetter(
		Connection conn, String sql_start, String[] keys,String ... sql_params) throws SQLException{ /* !!! */ }
getting a whole table back in an ArrayList<java.util.HashMap<String,String>> for convenience.

Comments

Post a Comment

Popular posts from this blog

Module 2 Learning Journal 1-19-21

-
 2021-01-19 Summary of Thomas Friedman's - New Rules - In a word, working hard is no longer good enough, we have to go above and beyond working hard, relating this philosophy to meanings extracted from ex-presidential quotes. Summary of Trends in Computing 2021 (21 predictions for 2021) - This article grazes the surface of supposed (debate-ably) cutting edge technologies offering educated opinion regarding what is at the forefront and what will fall behind. Cloud computing, AI, blockchain among other debate-ably forefront technologies are mentioned and predicted about. Summary of the Introduction to Project Management video - This video explains how programming gets done in a medium to large size corporation with emphasis on the project management role. There are lots of programmers and programming that falls outside of this model (Linus Torvalds did not have a project manager telling him how to create Linux, and you could name lots of others, myself as well, Klaus Knopper is anoth
Read more

Service Learning Journal 56, Friday week 8 CST-462s Race,gender, Class in the Digital World

-
Image
Service Learning Journal 56, Friday week 8 CST-462s Race,gender, Class in the Digital World Assigned questions: What went well? What would you improve? What was the most impactful part? Just an attitude of wanting to make an impact makes an impact. People see the spirit of wanting to participate, join in and help with what they are doing and automatically that generates positive energy. What challenges did you face? In 25 hours nobody really knows exactly what to do with you, especially at first, so you kind of have to jump in, be outgoing, which is tough if you're shy (myself) and show what you can do. Once the ice is broken and people see you're not just there because you have community service in lieu of jail time or something, and see that you want to help and participate, you should be good. What went well was general overall attitude by all parties involved. My service site was extremely friendly with me and that really helped me for me to come out of my shell and
Read more

Arlon's CSUMB Intro to HTML CSS JavaScript Node PHP and Web Programming CST-336 Modules 8 Learning Journal #8/#48 for the week Wed 12/15-Tues 12/21, year 2021

-
Image
Arlon's CSUMB Intro to HTML CSS JavaScript Node PHP and Web Programming CST-336 Modules 8 Learning Journal #8/#48 for the week Wed 12/15-Tues 12/21, year 2021 This week was for finishing up our final group project, a swap meet organization site, and our final test: Big Swap That site has a lot of features, it connects to a MapQuest mapping API for maps, address geolocating, open weather API for weather results, and has lots of database queries in Express and tons of work behind it to make it all work and look great. PW: secret Thanks for reading! And some more from previous weeks: Last week's image search gallery example homework: Unsplash Image Search Gallery Arlon's Unspash Image Gallery Search example page in an iframe: Here's the Authentication & Sessions example pw: secret678. Arlon's Sessions & Authentication example page in an iframe: Quotes Arlon's Quote Databa
Read more