try-with-resources and jdbc without sql injection

Posted on by
2

As I was on Oracle’s JDBC tutorial page, I noticed it was using a Statement rather than a PreparedStatement. I grumbled to myself about how this is teaching people to develop using SQL Injection and decided to Google for an example so I could tweet about it.

I was looking for an example of using try-with-resources automatic resource management using PreparedStatements. I searched on google for “try with resources jdbc”. This didn’t go well. I found a lot more of the same example including one from Martjin and Ben whom I respect. It is even that anyone’s example is bad. It is just oversimplified and implies that using createStatement is more common than using prepareStatement.

I then searched for “try with resources preparedstatement” to be more specific about it and found:

  • Informit does use a PreparedStatement but one without any binding variables.  Which means as an example, it isn’t much better.
  • JavaCodeGeeks does the same.
  • Someone on StackOverflow asked how best to do it and got an answer involving a nested try.  Which does work, but the nested try seem less readable than it needs to be.

I propose:


public List<String> query(Connection conn) throws SQLException {

List<String> list = new ArrayList<String>();

try (PreparedStatement stmt = createPreparedStatement(conn);  ResultSet rs = stmt.executeQuery()) {

while (rs.next()) {

list.add(rs.getString("name"));

}

}

return list;

}

private PreparedStatement createPreparedStatement(Connection conn) throws SQLException {

PreparedStatement ps = conn.prepareStatement(SQL);

ps.setString(1,  "test");

return ps;

}

The StackOverflow post proposes:

public List<String> query(Connection conn) throws SQLException {

List<String> list = new ArrayList<String>();

try (PreparedStatement stmt = conn.prepareStatement(SQL)) {

stmt.setString(1, "test");

try (ResultSet rs = stmt.executeQuery()) {

while (rs.next()) {

list.add(rs.getString("name"));

}

}

}

return list;

}

The StackOverflow answer is shorter.  I think the reason I like mine better is that is is easier to template out so the JDBC plumbing is only in a superclass.  Leaving us with

public List<String> query(Connection conn) throws SQLException {

List<String> list = new ArrayList<String>();

try (PreparedStatement stmt = createPreparedStatement(conn); ResultSet rs = stmt.executeQuery()) {

return processResultSet(rs);

}

return list;

}

The subclass then has two methods to implement:

  1. PreparedStatement createPreparedStatement(Connection conn)
  2. T processResultSet(ResultSet rs)  [templated to return type of subclass’ choosing]

Which approach do you like better?

java 7 on mountain lion

Posted on by
2

I upgraded to Mountain Lion and get Java 6 not found when trying to launch Eclipse or Open Office.  I then tried the command lion and get:

Jeanne-Boyarskys-MacBook-Pro:Applications nyjeanne$ java -version Unable to locate a Java Runtime to invoke.Jeanne-Boyarskys-MacBook-Pro:Applications nyjeanne$ java -version Unable to locate a Java Runtime to invoke.

Really?  I spent a good while getting Java 7 installed on Lion.  And now I get to do it again?  Luckily it wasn’t that problem.

I learned

Java 7 was still there under Library/Java/JavaVirtualMachines/.  It just wasn’t in my path anymore so the Mac didn’t recognize it.  After letting Apple install Java 6, everything was fine.  My Eclipse JRE pointed to Java 7 and Open Office launched with Java 6.

Conclusion

While this turned out to be a non-issue, I’m still blogging about it because this wasn’t what I expected to happen.

getting started with the chromebook – part 3

Posted on by
6

We’ve finished part 2 and I’m still happy with the Chromebook itself.  Today I’ll be walking through the process of activating 3g service from Verizon and my impressions of it.  I’ll post back some time from now how bandwidth usage is over time.  In particular, I’m concerned with how often/large the software updates are.  So far it has been 10 days and no updates so I know it isn’t a weekly thing.

Setup

“My Google Chromebook” has instructions on how to get started with 3g. Unfortunately, it is already out of date.  It says to click the network icon on the top.  It is no longer on the top.  Instead click on the bottom and choose “settings and help”.  Or go to chrome://chrome/settings/ in a browser.

  1. Pull down mobile access 

  2. Fill in a straightforward form.  It doesn’t require a credit card if choosing free plan  No dash allowed in mailing address though .  This is always fun.  My address has a dash.
  3. Terms and conditions warn you will be charged for video buffering even if you don’t watch it.  Sample bandwidth is shown.  10K for an email.  1MB for a webpage. 3mB for a PowerPoint.  200-500 MB for a Windows update.  (Wonder how much a Chrome OS one is).  More at verizonwireless.com/datacalculator.
  4. A month is considered 30 days
  5. See verizon.com/privacy and s at www.verizon.com/privacy/#limits
  6. You get a wireless #.  apparently the computer is treated as a phone nobody can call
  7. They also provide a # for Chromebook connectivity tech support: 800-922-0204.  Once you enter your #, it knows you have a Chromebook.

Checking your bandwidth usage

Verizon offers the following options to check your bandwidth usage:

  1. There are a few ways on the Chromebook.  I find the easiest to be:
    1. Click on network connection icon.
    2. Click on connected to Verizon Wireless
    3. Click on Verizon Wireless
    4. A pop-up comes up with the bandwidth remaining for the month and the number of days left in the month.  I’ve noticed sometimes the data doesn’t load on that screen.  Try again.
    5. Alternatively click “my account” on that page which opens a browser. That always works.  However, this data has quite a lag.  The pop-up tells me I have 50MB left and the browser says I have 75MB left
  2. My Verizon – This only works from the device not via a URL.  And if you are on the device it isn’t the easiest way.  I tried to register with verizonwireless but it says, “We’re sorry but you cannot register you tablet on MyVerizon.com.  Please setup your account information on your device.”

I also got a warning in the lower right corner of the screen when I only had 50MB data left available.  And when I ran out, I got a warning in that spot saying I was out of mobile data and a link to buy a plan.  Not sure if I had a plan whether I would get charged for overages or it would just stop. I  imagine the former.

I can’t find a way to check bandwidth from a different computer.  I asked in a forum.  I can get it by phone by calling 800-922-0204 or 888-294-6804 and entering my phone #/4 digit security code.  It’s a lot of info to enter and you have to talk to a human though which means it is easier to just ask my mother to check.  Note that I haven’t paid for the 1GB plan yet so it could get easier when I do.
Is it hard to connect?
I had trouble once so far.  It was during a thunderstorm; don’t know if that matters.  I wound up clicking the button to disable 3g and re-enable 3g and all was fine.  That or I waited a few minutes.
How is the speed?
For regular browsing it is fine.  It isn’t quite as fast as my home wifi but not noticeably different.  (Note that I have pretty slow DSL to compare to.)  I was able to watch a few videos on youtube without hitting any buffering.
Do I think 3G is enough?
So far so good.  It wouldn’t be enough for just me.  But I think the 1GB plan will be enough for someone who just browsers the internet and doesn’t listen to music/watch video.  To use up the free 100MB in 10 days, I uploaded a bunch of screenshots and watched some videos.  But I did most of my real internet surfing on my Mac.  Next month I’ll try to use it for internet more actively to see what happens.  But I will be buying the 1GB plan before giving the Chromebook to my mother giving her 10 times the bandwidth.  Unless OS patches are huge!