So far in this video series, I have shown you how to work with static SQL statements, statements that are the same when programmed, and when executed at runtime. But in many applications, you'll need to use parameterized SQL statements, statements where there are placeholders that you fill in with variable values at runtime. In JDBC, you do this with a class called PreparedStatement. The PreparedStatement class lets you set up an SQL statement as a string with these placeholders and then fill them in with variable values.
I'll demonstrate this in the project Prepared Statements. In this version of my console application, I have a static string representing the SQL statement. Right now, I'm retrieving all of the data from the Tours table. And then, when I display the data using this version of the displayData method, I'm first moving the ResultSet cursor to the end of the ResultSet, then getting the row to find out how many rows I got back. And then, if I got back zero, I say there were no tours found. And if I got back more than zero, I output the number and loop through and display the actual data.
I'll test this version of the application before I make any changes. And I see that I'm displaying all of the data from the database. Now let's change the requirements of our application. Let's say that the user is allowed to enter a numeric value representing the largest amount of money that they want to spend on a tour, and we want to retrieve only those tours where the price is less than or equal to the value that the user provides. As a first step, I'll use a class named inputHelper that I have added to this project. In this version, in addition to the getInput method which returns a string, I have a method called getDoubleInput.
It calls the getInput method and then parses it and turns it into a double value. And if it fails because the end user enters a value that can't be parsed as a double, it throws an instance of number format exception. So going back to my main class, I'll place the cursor inside the main method right at the top, and I'll declare a new variable called maxPrice. Then I'll set up a try catch block. In the try block, I'll set the value of maxPrice using the inputHelper's static method getDoubleInput, and I'll display a prompt of enter a maximum price.
Within the catch section, if an error is thrown, I'll add a little bit of error output, and I'll output a static string of Error: invalid number, and then I'll just clean up this try catch block so that instead of looking for the Exception object, I'll look for an instance of NumberFormatException. So now I have a value that I can plug into my SQL statement. I need to prepare the SQL statement to accept this variable value. I'll go up to the string where I'm setting the SQL statement, and I'll add a WHERE clause, using this syntax: WHERE price <= followed by a question mark.
Each question mark you add is a placeholder for a variable value. In order to process this SQL statement, I need to use another class. Instead of Statement, I'm going to use something called a PreparedStatement. PreparedStatement is the JDBC class that knows how to process SQL statements with variable parameters. I'll place the cursor down within this try catch block, and I'll add Prepared to the beginning of the class name. Then to make sure that I have imported PreparedStatement, I'll move my cursor to the end of the name and press Ctrl+Space, and I'll choose the version of PreparedStatement that's a member of the java.sql package.
That adds an import statement at the top of the code. I'll open up my imports, and show that that was added correctly. Then I'll collapse them again. In order to instantiate a PreparedStatement object, instead of calling create statement, you call a method of the connection object, called prepareStatement. So, I'm going to change that code here. I'll call the prepareStatement method, and then in order to use this properly, before I pass in the type and the read-only setting, I'll pass in the SQL string as the first argument.
Then just as with a static statement, I'm setting the type so I can scroll, and I'm setting it to read-only. So now I have my PreparedStatement object. Before I execute the query, I have to fill in the placeholders or parameters. To do that, you call one of the many set methods of the PreparedStatement object. For example, I'm filling in a double value, a numeric value that could have fractions. So, I'm going to set the value this way, stmt.set, and notice how many different set methods there are.
Each of these methods takes an integer value and then the value you want to set. The parameters are indexed starting at one, not zero. I only have one parameter in my SQL statement, the price. So I'll choose the right method for my data type, which is double. I'll call setDouble. I'll pass in a value of 1, meaning I'm setting the first parameter, and then I'll pass in the maxPrice value as the value that I want to set. Notice that I'm getting a warning. I'll move the cursor over to the warning indicator, and it tells me that the local variable maxPrice may not have been initialized.
To fix that, I'll place the cursor within my catch block. And after I output the message that the user entered an invalid string that couldn't be parsed as a number, I'll return, and that will fix the flow of this code, so that now by the time I get to the code that's setting the double value, I'll know that maxPrice is valid. Finally, I have one more change to make. When you use a PreparedStatement, you have already passed in the SQL string when you prepared the statement. So, you don't pass it in again when you execute it. So I'm going to remove SQL as an argument of the executeQuery method.
When I call executeQuery now, I'm working with the statement that already has the SQL, and that has already set its parameters. I'll save and run the code. When prompted, I'll click into the console, and I'll enter a value of 500. That means I want to see tours that cost less than or equal to $500. I get back 11 tours. I'll run the code again. This time, I'll pass in a value of $300. And I get fewer tours than I did the last time. I'll run it again.
This time I'll pass in $100. And I get back just one tour. And I'll run it one last time. And this time, I'll look for a really cheap tour, one that only costs $50. And I get back the message, no tours were found. You can set up your PreparedStatements with as many placeholders as you like and as many data types as you need to. Remember that there are many versions of the set method, one for each data type, so if you're working with an integer value in the database, use the setInt method, if you're working with a string, use setString, and so on and so forth.
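The complete flow described above, as an added example rather than the course's own project code: prompt for a price, bail out of main on a NumberFormatException so maxPrice is definitely assigned, prepare a scrollable read-only PreparedStatement with one ? placeholder, bind it with setDouble(1, ...), call executeQuery() with no SQL argument, and count rows with last()/getRow(). The JDBC URL, the getDoubleInput helper and the Tours column names are assumptions; binding the value this way keeps user input out of the SQL text, which is what makes parameterized statements safe as well as convenient.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Scanner;

public class PreparedStatementDemo {
    private static final String URL = "jdbc:YOUR_DRIVER://localhost/YOUR_DB"; // placeholder URL
    public static void main(String[] args) {
        double maxPrice;
        try {
            maxPrice = getDoubleInput("Enter a maximum price: ");
        } catch (NumberFormatException e) {
            System.err.println("Error: invalid number");
            return; // after this, the compiler knows maxPrice is assigned
        }
        // The ? is a placeholder; the user's value is bound separately, never spliced into the SQL text.
        String sql = "SELECT * FROM Tours WHERE price <= ?";
        try (Connection conn = DriverManager.getConnection(URL);
             PreparedStatement stmt = conn.prepareStatement(sql,
                     ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY)) {
            stmt.setDouble(1, maxPrice);               // parameters are indexed from 1, not 0
            try (ResultSet rs = stmt.executeQuery()) { // no SQL argument: it was given at prepare time
                displayData(rs);
            }
        } catch (SQLException e) {
            System.err.println("Database error: " + e.getMessage());
        }
    }
    static double getDoubleInput(String prompt) { // stands in for the video's inputHelper.getDoubleInput
        System.out.print(prompt);
        String line = new Scanner(System.in).nextLine().trim();
        return Double.parseDouble(line); // throws NumberFormatException on bad input
    }
    // Scroll to the end to count rows, then rewind and print them (column names are assumed).
    static void displayData(ResultSet rs) throws SQLException {
        rs.last();
        int rows = rs.getRow();
        if (rows == 0) {
            System.out.println("No tours were found");
            return;
        }
        System.out.println(rows + " tours found");
        rs.beforeFirst();
        while (rs.next()) {
            System.out.println(rs.getString("tourName") + ": $" + rs.getDouble("price"));
        }
    }
}
```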
The PreparedStatement interface is available for pretty much every database that has a JDBC driver. It lets you use parameterized SQL statements and greatly simplifies the process of creating applications that work with a database dynamically.