When coding a Java program that will perform a SELECT statement that returns multiple rows, what are the steps needed? The first is to make a connection to the database and the last is to close the connection. What are the other steps?
Between these steps, you must also create a PreparedStatement, optionally bind input values using the ‘?’ placeholder and the PreparedStatement.setString() method, execute the query with PreparedStatement.executeQuery(), and then iterate over the returned ResultSet to read each row.
What is a parameterized SQL statement?
A parameterized SQL statement is a query in which the SQL text contains placeholders (‘?’) and the actual values are supplied separately through Java methods such as setString(), instead of building the whole statement as one literal string.
Do a google search for “SQL injection attack”. What is an “injection attack” and how do parameterized statements help to prevent such security attacks?
Injection attacks are performed when a hacker gets SQL code of their own executed by feeding it through the input of some sort of front-end application. Parameterized statements prevent this by requiring input to be of a certain data type: the values bound through setString() and similar methods are treated strictly as data and are never interpreted as part of the SQL text, thereby preventing a hacker from inputting malicious code.
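The following is an added example written for this page, not code from the original answers. It puts the steps from the first question (connect, prepare, bind, execute, iterate over the ResultSet, close) together in one program and shows, side by side, the string-concatenation query that is open to injection and the parameterized query that is not. The JDBC URL and credentials are placeholders, the table `users` with columns `username` and `email` is assumed, and a matching JDBC driver is assumed to be on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

public class UserLookup {

    // Placeholder connection details (assumption): replace with your own database.
    private static final String JDBC_URL = "jdbc:postgresql://localhost:5432/appdb";
    private static final String DB_USER = "app";
    private static final String DB_PASSWORD = "change-me";

    /**
     * VULNERABLE: the caller-supplied username is spliced directly into the
     * SQL text, so any quote character in the input changes the structure of
     * the statement instead of being compared as data. Shown for contrast only.
     */
    public static List<String> findEmailsUnsafe(Connection conn, String username)
            throws SQLException {
        String sql = "SELECT email FROM users WHERE username = '" + username + "'";
        List<String> emails = new ArrayList<>();
        try (Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery(sql)) {
            while (rs.next()) {
                emails.add(rs.getString("email"));
            }
        }
        return emails;
    }

    /**
     * SAFE: the SQL text is fixed and contains a '?' placeholder. The username
     * is bound with setString(), so the driver sends it as a string value and
     * the database never parses it as SQL, whatever characters it contains.
     */
    public static List<String> findEmailsSafe(Connection conn, String username)
            throws SQLException {
        String sql = "SELECT email FROM users WHERE username = ?";
        List<String> emails = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);                 // bind the first (and only) parameter
            try (ResultSet rs = ps.executeQuery()) {   // execute; returns zero or more rows
                while (rs.next()) {                    // iterate over every returned row
                    emails.add(rs.getString("email"));
                }
            }
        }
        return emails;
    }

    public static void main(String[] args) throws SQLException {
        // Untrusted input would normally arrive from a form or request; here it
        // comes from the command line (constructed input for the example).
        String requested = args.length > 0 ? args[0] : "alice";

        // Step 1: open the connection. try-with-resources performs the final
        // step, closing the connection, even if a SQLException is thrown.
        try (Connection conn = DriverManager.getConnection(JDBC_URL, DB_USER, DB_PASSWORD)) {
            // Steps 2-5: prepare, bind, execute, iterate (inside findEmailsSafe).
            for (String email : findEmailsSafe(conn, requested)) {
                System.out.println(email);
            }
        }
        // Step 6: the connection is closed here automatically.
    }
}
```

Both methods return the same rows for an ordinary username; they differ only when the input contains SQL metacharacters. With `findEmailsSafe`, such input simply matches no user (or matches a user whose name literally contains those characters), because the statement's structure was fixed before the value was supplied.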