Java™ Application Development on Linux - Dator

15.4 Querying Data333// queryString mySQL = "SELECT id, pw FROM Users WHERE name = ?";PreparedStatement stmt = conn.prepareStatement(mySQL);stmt.setString(1, args[0]);If you’re at all familiar with SQL then you’ll recognize the SQL syntaxwithin the String mySQL. Whatever you want your query to be, just build itas literal text. The query is “parameterized” by using the “?” character. Wherevera “?” appears in the query string, you can substitute a value with thesetString() method on the PreparedStatement class.There are a variety of setXXXX() methods where XXXX stands for differentdata types. Besides setString(), the most common ones are setInt(),setBigDecimal(), setDouble(), and setTimestamp() which set theparameter from an int, BigDecimal, Double, and Timestamp classes, respectively.The java.sql.Timestamp class is basically a java.util.Date augmentedfor compatibility with SQL’s notion of TIMESTAMP. Read moreabout it on the Javadoc page for java.sql.Timestamp, or read thejava.sql.PreparedStatement page for more on the other set methodsavailable.The two arguments to each of these set methods are the index and thevalue that you want to substitute. The index is simply the count of whichquestion mark gets substituted, starting with 1 for the first one. Caution: Theparameters start at one, even though most other things in Java, such as Arrays,ArrayLists, and so on, are zero-based. So it’s not uncommon in code thatuses JDBC to see something like this:setInt(i+1, args[i]);NOTEBuilding SQL queries out of String literals is made easier in Java by a convenientmismatch between the two languages. In Java, Strings are delimitedby double quotes (") whereas in SQL literals are bounded by single quotes('). Thus in Java, you can construct SQL queries that contain literal stringreferences without much trouble, as in:String clause = "WHERE name != 'Admin'"