View
214
Download
0
Embed Size (px)
Citation preview
DT211/3 Internet Application Development
Databases
Database
• Almost all web application on the net access a databasee.g. shopping sites, message boards, search engines
• Relational databases (uses tables) are the most common type used
• Small application may use just one table, larger applications may have have hundreds of tables
• In JSP, database access can be done using scriplets or using JSTL
• JSTL supplies the SQL library to enable database access
Relational DBs
Data is stored in tables. Rows and columns in tables can berelated to rows and columns in other tables in the dB
Each table usually has a primary key
Structured Query Language (SQL) is used to query the databaseCommon SQL Statements: SELECT, INSERT, UPDATE, DELETE
customer ID Name Phone1 John 879687 2 Liz 9756453 Rory 321544
SELECT * from customers?
SELECT name, phone from customers where customer_ID = 2 ?
Row
Column
Relational DBs
INSERT
INSERT INTO CUSTOMERS (customer_ID, name, phone)VALUES (5, “JOHN”, “875895”)
UPDATE
UPDATE CUSTOMERS SET NAME = “Robert” WHERE CUSTOMER_ID = 1
DELETE
DELETE FROM CUSTOMERS WHERE CUSTOMER_ID = 2
Some Database concepts• To access a database from a web application,
need a path or connection to the database
• To support multiple connections to the same database- have connection pooling. Works like a group of connections that are used by clients as needed and “put back” in the pool as needed.
• Each database engine (e.g. Oracle, SQLServer, Access) needs its own database driver (The driver is just a piece of software that translate SQL calls between the web application to the database).
• Web applications have to “load” the appropriate driver in order to connect to the database
Some Database concepts• Java provides the JDBC API (Java Database Connectivity
API) to enable a uniform interface to differentdatabase engines
• JDBC enables java code that accesses a databases to beportable from one database to another (provided the correct driver is used).
• Many databases have an ODBC (Open DatabaseConnectivity) interface (e.g. access)
• Sun provides a JDBC-ODBCdriver for development purposes
•JDBC-ODBC driver enables java (and JSP) applications to connect to ODBC databases, using the JDBC API
•Note: In production environment, should use a production quality driver from the database vendor
Some Database concepts
Databases and web application
•Variety of databases available for use by web applications
•typically will use relational database with support for Structured Query Language
•Examples of common databases used: SQL server, MySQL, Oracle, Access
Datasource names (DSNs)
• To use a database in a web application need to say: - What the database is called - Where is resides - What driver is required by the database
• ODBC databases allow a Data source name to be used as a quick way to specify the above within the applicaton
• e.g. , rather than saying “I want to connect to an Access2000 database named Exams.mdb in d:\samples\database directory in every JSP page that uses the particular database, will rather create a DSN named Exams
• Note: not all databases will support DSNs.
Datasource names (DSNs)
• To SET UP a data source name in Windows:
• Go to Windows control panel / administrative tools /system DSN (NOT user DSN)
• Add a new database source, selecting appropriate driver
• Note: Will use microsoft access for development purposes – it’s an ODBC database and supports DSNs
Accessing a database from JSP
• Need to identify and connect to the database to be used with the JSP page:
1) Global datasource: Can specifying a default datasource in a Tomcat configuration file for the application called the web.xml file. The datasource will automatically be made available to the JSP if done this way – Good approach for larger applications.
OR
2) Direct from JSP: by specifying the database details directly within the JSP page. Use instead of (1) all the time OR just to override the default data source specified in (1)
Will cover 1) on next course. Good for larger applications.
Will use 2) for development purposes. (Useful for smaller applications - but does not support connection pooling)
Using option 2):
• Can use java code (via scriptlets) OR JSTL <SQL> tags to access databases. We’ll use JSTL here.
• Full description of <SQL> tags in JSTL documentation
• Note: To use JSTL <sql> tags, need to include the appropriate <taglib> directive into the JSP page
Accessing a database directly from JSP page
•Use the <SQL:setDataSource> action from the JSTL SQL library and specify the attributes it needs
•The <SQL:setDataSource> action creates a database connection in the background
•Note: Can use the datasource name in the action, if available – as shown on next page. Otherwise, have to specify direct database and driver locations.
Accessing a database directly from JSP page
Accessing a database from JSP
with a Data source name
<sql:setDataSource var=“productsdb" driver=“sun.jdbc.odbc.JdbcOdbcDriver" url="jdbc:odbc:products” user = “cindy” password = “DIT” scope = “session” datasource = .. />
Can specify username/password - optional
DSN
setDataSource tag has seven attributes:
Will use this name in any other SQL statementsTo access the Db
• Note: IF issue in setting up DSN (e.g. permissions problem in Labs)..
Have to specify the database more specifically within the <SQL:setDataSource> tag
<sql:setDataSource var ="shopDb"
scope = "session" driver = "sun.jdbc.odbc.JdbcOdbcDriver" url = "jdbc:odbc:Driver={Microsoft Access Driver (*.mdb)};DBQ=c:\\Assignment\Shopping.mdb"
/>
Accessing a database from JSP
(without a DSN)
Instead of the DSN, have to enter in exact URL required for that database.. Including full path to the database
Querying a database
• To query a database… just use the sql: query tag
• Example
•
<sql:query var = “productResult” dataSource = “${productsdb}” SELECT * FROM Products WHERE ProductID = ? <sql:param value = “${param.productNAME}”>/ <sql:query>
Holds the value of to be transferred into the ? placeholder.
Variable to holdquery result
• Will return all rows from Products table with a product ID name same as that supplied in the product name parameter
DSN as defined in the setDAtasource
Querying a Database
• Querying, where parameter value is already known (i.e. not passed in…)
•
<sql:query var = “productResult” dataSource = “${productsdb}” SELECT * FROM Products WHERE ProductType = ‘grocery’<sql:query>
Note: DOESN’T use “ “. !
Querying a database: <sql:query>
<sql:query> tag has 6 attributes
• dataSource
• sql
• maxRows
• startRows
• var
• scope
(p 151 of specification)
• Name of datasource. Optional. Needed if setDataSource tag used
• SQL statement. Mandatory. unless specified as the body.
• Optional. Maximum # of rows to show in result. Default is all rows
• Optional.
• Mandatory. The name of the variable to store the result.
• Optional. The scope for the query results - page (default), request, session or application.
Set this carefully if you want to carry query results through to another page
Scope of a query…
A JSP page itemsearch.jsp queries a database for a list of items that can be added to a shopping cart
The results of the query search will be displayed on another JSP page called results.jsp
The scope of the query that is executed in itemsearch.jsp needs to be ‘request’. Otherwise, queryresults will have ‘disappeared’ when itemsearch.jsp haspassed control to results.jsp (because default scope is‘page’ for queries).
<sql:query var = “productResult” scope = “request” dataSource = “${productsdb}” SELECT * FROM Products WHERE ProductID = ? <sql:param value = “${param.productNAME}”>/ <sql:query>
Specify the scope of the query results if the results need to be available to the request, session or application. The default scope is page.
Scope of a query…
Querying a database: Partial info
• Search engines, on-line catalogues often need to allow user to search a database using partial information
• e.g. First name begins with “A” , surname contains “mc”
• In SQL, use the LIKE keyword and wildcard characters (%, _)
• SQL Examples of partial searches
Search * From Customers WHERE FirstName LIKE “Jon%”
Search * from Customers WHERE LastName LIKE “Sm_th”
Querying a database: Partial info
• To implement in JSTL, need to just incorporate the LIKE keyword and the wildcard characters
• Example:<sql:query var = “nameResult” dataSource = “S{customerDb}” SELECT FirstName, LastName FROM Customers WHERE FirstName LIKE ? AND LastNAME LIKE ? <sql:param value = “${param.firstName}%”>/
<sql:param value = “%${param.lastName}%”>/ <sql:query>
• Will return all rows from Employee table where first name begins with firstName parameter and last name contains value of lastName parameter
• In the example, saw that query result is put into a variable
Processing result of a query
<sql:query var = “nameResult” …. etc
• This variable will contains the results set (a set of rows) of the query
• This variable is of type Result (javax.servlet.jsp.jstl.sql.Result class ) and has a number of properties that can be used to process the result
• When a query is run, need to be able to process the results e.g. to display rows back as a HTML table
Properties for Result interface
• rows
• rowCount
• columnNames
• limitByMaxRows
• rowsByIndex
Processing result of a query
• Rows returned by the query (array of column names and values)
• Number of rows in the result
• Array of column names
• boolean. true if Result was truncated due to maxRows attribute
• Rows return by the query, as arrays(rows/columns) of indexes
Processing result of a query: example
• To display back a list of customer names in a HTML table as a result of previous query:
<sql:query var = “nameResult” etc
• Want to display back on web page:First name Last nameJohn MurphySylvia McAllisterTom Jones
etc
•Need to display column names, followed by row results… with appropriate HTML tags <tr>, <th>, <td> etc
<table> <tr> <th> First name /<th> <th> Last name /<th> </tr><c:forEach items = “${nameResult.rows}” var = “row” <tr> <td> <c:out value = “$row.FirstName}” />
<td> <td> <c:out value = “$row.LastName}” />
<td> </c:forEach></table>
Processing result of a query: example
Rows from nameResult
Property “rows”is used
Assignany variable
name to accessthe columns
Query: Code sample – outputs all rows on a table
to a html page<%-- Queries a user table (customers) and returns a list of names --%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %><%@ taglib prefix="sql" uri="http://java.sun.com/jsp/jstl/sql" %>
<%-- queries a table and outputs the results --%><%-- Note: this example DOESN’T use DSNs --%> <sql:setDataSource
var ="shopDb" scope = "session" driver = "sun.jdbc.odbc.JdbcOdbcDriver"url = "jdbc:odbc:Driver={Microsoft Access Driver (*.mdb)};DBQ=c:\\test\Labdb.mdb"
/>
<%-- Selects username and address details from user table for all rows --%> <sql:query var="userList" scope="request" dataSource = "${shopDb}"> SELECT UserName, Address1 FROM Customers </sql:query> <c:choose> <c:when test = "${userList.rowCount ==0}"> Sorry, there are no customers on the </c:when> <c:otherwise> Here is the list of customers <br> <table border="1"> <th>User name</th> <th>Address</th>
Query: Code sample – outputs all rows on a table
<c:forEach items="${userList.rows}" var="row"> <tr> <td><c:out value="${row.UserName}" /></td> <td><c:out value="${row.Address1}" /></td> </tr> </c:forEach> </table> </c:otherwise> </c:choose>
Query: Code sample – outputs all rows on a table
Updating a database• To update database information, can use INSERT,
UPDATE or DELETE
• Use the <sql:update> is used for any SQL statement that doesn’t return rows -- it is used for INSERT, UPDATE, DELETE
• <sql:update> specification on page 148 of jstl specificaiton document
• <sql:update> has three attributes: sql (= sql statement), var (for result) and scope
• Uses ? and <sql:param> to assign parameter values in same way as <sql:query>
Updating a database
Reminder --- SQL statements are of the form:…
INSERT
INSERT INTO CUSTOMERS (customer_ID, name, phone)VALUES (5, “JOHN”, “875895”)
UPDATE
UPDATE CUSTOMERS SET NAME = “Robert” WHERE CUSTOMER_ID = 1
DELETE
DELETE FROM CUSTOMERS WHERE CUSTOMER_ID = 2
INSERT• To INSERT a new record on a table called
Customers
• Example:<sql:update> INSERT INTO Customers (UserName, Password, FirstName, LastName,DateofBirth) VALUES (?, ?, ?, ?, ?) <sql:param value = ${param.userName}” /> <sql:param value = ${param.Password}” /> <sql:param value = ${param.FirstName}” /> <sql:param value = ${param.LastName}” /> <sql:dateParam value = ${parsedDateofBirth}” type =
“date”/></sql:update>
Table name
Column names
Column values
• Place holders (?) for column values are filled up by request parameters (I.e. very unlikely to be hardcoded!)
• Request parameters are matched against the ?s in the order they appear
• Add in the datasource name into the statement
INSERT
•Note: setting a column that contains date or time – need to use a special tag action called <sql:dateParam> because of JDBC API quirk (requires specific JDBC data and time types).
•Also, if database table contains columns that are numeric (e.g. INT, REAL etc), may need to use the <fmt:parseNumber> action to convert a string request parameter
Data conversion
UPDATE• To update database row(s), simply use the UPDATE
statement in the SQL statement
• example: to update password, firstname and lastname on the row(s) in the Customer table where userName matches that held in the username request parameter. <sql:update>
UPDATE Customers SET Password = ?, FirstName = ?
LastNAme = ? WHERE UserName = ? <sql:param value = ${param.Password}” /> <sql:param value = ${param.FirstName}” /> <sql:param value = ${param.LastName}” />
<sql:param value = ${param.UserName}” /></sql:update>
DELETE• To update database row(s), simply use the
UPDATE statement in the SQL statement
• example: To delete all rows from the Customer table where the username matches that held in the userName request parameter.
<sql:update dataSource = ….whatever..>DELETE FROM CustomersWHERE UserName = ?, <sql:param value = ${param.userName}” /></sql:update>
Example of a simple search application that allows a user to search for an employee using a form (search.html). The search is processed by find.jsp, andpresented back by list.jsp**
** Separates presentation from business logic/request processing
Sample code: find.jsp
%@ taglib prefix="sql" uri="http://java.sun.com/jstl/sql" %>
<sql:setDataSource var ="empDb" scope = "session"
driver = "sun.jdbc.odbc.JdbcOdbcDriver" url = "jdbc:odbc:employeedb" />
<sql:query var="empList" scope="request" dataSource = "${empDb}"> SELECT * FROM Employees WHERE FirstName LIKE ? AND LastName LIKE ? AND Department LIKE ? ORDER BY LastName <sql:param value="%${param.firstName}%" /> <sql:param value="%${param.lastName}%" /> <sql:param value="%${param.dept}%" /></sql:query><jsp:forward page="list.jsp" />
connect to the databasewith appropriate driver
Results of querymust be available during the
full request (in order to send result on to another page)
Forward controLto list.jsp to
display results
Sample code – search.html
<html> <head> <title>Search in Employee Database</title> </head> <body bgcolor="white">
Please enter information about the employee you're looking for. You can use partial information in all fields.
<form action="find.jsp" method="get"> <table> <td>First Name:</td> <td><input type="text" name="firstName"> </td> </tr> <tr> <td>Last Name:</td> … ETC ETC….. rest of form </body></html>
Calls find.jsp
List.jsp displays the rows found. If not row found, displays an error
Sample code – list.jsp
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %><%@ taglib prefix="sql" uri="http://java.sun.com/jstl/sql" %>
<html> <head> <title>Search Result</title> </head> <body bgcolor="white">
<c:choose> <c:when test="${empList.rowCount == 0}"> Sorry, no employees were found. </c:when> <c:otherwise> The following employees were found: <p> <table border="1"> <th>Last Name</th> <th>First Name</th> <th>Department</th>
The name of the query
Sample code – list.jsp
<c:forEach items="${empList.rows}" var="row"> <tr> <td><c:out value="${row.LastName}" /></td> <td><c:out value="${row.FirstName}" /></td> <td><c:out value="${row.Department}" /></td> </tr> </c:forEach> </table> </c:otherwise> </c:choose> </body></html>
The name used by the developerto access the contents of each row.The used as row.LastName… etc
Common errors
• Not specifying the datasource in your SQL command (get “database null” error in Apache when running)
• Using wrong number of parameters in SQL action
• When Specifying the dataSource name in a SQL statement, need to put it as an expression in ${ } ... otherwise, it will take the exact name in the “ “ and use it. Get an error, no suitable driver if you do this wrong.
• Scope: Make sure the scope on the SQL statement is correct, so that the connection or SQL statement results carry through to the required pages.
Tags used
• <sql:setDataSource>• <sql:query>• <sql:update>
Database access using JSLT
• Usually used for simple applications
• Can use java beans or servlets for database access for more complex applications
Info on JSTL
Sun tutorial. Chapter 14 is on JSTL at:
http://java.sun.com/j2ee/1.4/docs/tutorial/doc/index.html
Contains examples
Also, Sun’s JSTL 1.0 tag specification on distrib. Good for definition of each tag. Poor on examples