SQL Injection is a technique to potentially impact the system of web world. It is used to take advantage of available vulnerable points of the system. It is just like inserting a SQL statement to be run on our database without information and confirmation to take full advantage of weak point. For example, in a registration or login page of a web system, instead of entering required information we used to enter SQL statement and force to run on our database to get their information from the database.
Showing posts with label JDBC. Show all posts
Showing posts with label JDBC. Show all posts
Sunday, November 11, 2012
SQL Injection-An Introduction
Sunday, August 26, 2012
JDBC
Introduction
JDBC is an API that helps java programmer to write java program to connect to a database, retrieve the data from form the database and perform various actions on the data in the java program.
Process of Java program to connect database through JDBC
Java program calls JDBC library.JDBC loads driver and driver talks to database.
The various classes used by java program to connect database in various steps of JDBC program are in following figure.
• Registering the driver A database driver is a collection of classes and interfaces written according to JDBC API.Since there are several drivers available in the market, we should first decide the driver that would be used for communication with the database server in a java program.
• Connecting to database
We establish a connection with the help of driver selected in prev. step.
• Preparing SQL statements
We create SQL statement using any of the interfaces like Statement, Preparedstatement and CallableStatement available in Java.sql package.
• Execute the SQL statements on the database
We use execute (), executeQuery () and executeUpdate () of statement interface.
• Retrieving the results
The result obtained by executing the SQL statement can be stored in an object with the help of interfaces like ResultSet, ResultSetMetaData etc.
• Closing the connection
We should close the connection between java program and database by using close() method.
Types of JDBC Driver
There are four types of java driver
Type 1: JDBC-ODBC Bridge Driver
This driver receives any JDBC calls and sends to ODBC driver. ODBC driver understands these calls and communicate with the database library.
Type 2: Native API-Partly Java Driver
It converts JDBC calls into database specific calls with the help of vendor database library. It communicates directly with the database server. So need of some binary code should be present in client machine.
Type 3: Net Protocol Pure Java Driver
It follows a three tier architecture where JDBC requests are passed through the network to a middle tier server. The middle tier server translates the request into database specific library and sends into the database server. The database server executes the request and gives back the results.
Type 4: Native Protocol Pure Java Driver
It converts JDBC calls into vendor specific database management system protocol so that client application communicates directly with the database server. This is completely implemented in Java to achieve platform independent.
JDBC is an API that helps java programmer to write java program to connect to a database, retrieve the data from form the database and perform various actions on the data in the java program.
Process of Java program to connect database through JDBC
Java program calls JDBC library.JDBC loads driver and driver talks to database.
The various classes used by java program to connect database in various steps of JDBC program are in following figure.
The following steps used by java program to connect to database using JDBC:
• Registering the driver A database driver is a collection of classes and interfaces written according to JDBC API.Since there are several drivers available in the market, we should first decide the driver that would be used for communication with the database server in a java program.
• Connecting to database
We establish a connection with the help of driver selected in prev. step.
• Preparing SQL statements
We create SQL statement using any of the interfaces like Statement, Preparedstatement and CallableStatement available in Java.sql package.
• Execute the SQL statements on the database
We use execute (), executeQuery () and executeUpdate () of statement interface.
• Retrieving the results
The result obtained by executing the SQL statement can be stored in an object with the help of interfaces like ResultSet, ResultSetMetaData etc.
• Closing the connection
We should close the connection between java program and database by using close() method.
Types of JDBC Driver
There are four types of java driver
Type 1: JDBC-ODBC Bridge Driver
This driver receives any JDBC calls and sends to ODBC driver. ODBC driver understands these calls and communicate with the database library.
Type 2: Native API-Partly Java Driver
It converts JDBC calls into database specific calls with the help of vendor database library. It communicates directly with the database server. So need of some binary code should be present in client machine.
Type 4: Native Protocol Pure Java Driver
It converts JDBC calls into vendor specific database management system protocol so that client application communicates directly with the database server. This is completely implemented in Java to achieve platform independent.
Subscribe to:
Posts (Atom)