Scenarios in which Serialization cannot happen

What are the special cases in which serialization cannot happen?
-> The following are the scenarios in which serialization cannot happen:
a. Variables are transient.
b. Variables are static.
c. Base class variables are serialized if the class itself is serializable.

Java: prevent SQL injection using PreparedStatement


PreparedStatement is the best way to prevent SQL injection in Java, rather than escaping strings.
Here's a simple example taking the user's input as the parameters:
// requires: import java.sql.*;
public void insertUser(String name, String email) throws SQLException {
   Connection conn = null;
   PreparedStatement stmt = null;
   try {
      conn = setupTheDatabaseConnectionSomehow();
      stmt = conn.prepareStatement("INSERT INTO person (name, email) values (?, ?)");
      stmt.setString(1, name);
      stmt.setString(2, email);
      stmt.executeUpdate();
   }
   finally {
      try {
         if (stmt != null) { stmt.close(); }
      }
      catch (Exception e) {
         // log this error
      }
      try {
         if (conn != null) { conn.close(); }
      }
      catch (Exception e) {
         // log this error
      }
   }
}
No matter what characters are in name and email, those characters will be placed directly in the database as data. They won't affect the INSERT statement in any way.
There are different set methods for different data types -- which one you use depends on what your database fields are. For example, if you have an INTEGER column in the database, you should use a setInt method. The PreparedStatement documentation lists all the different methods available for setting and getting data.

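Redirect messages to an IO stream

How could Java classes direct program messages to the system console, but error messages, say, to a file?
The class System has a variable out that represents the standard output, and a variable err that represents the standard error device. By default, they both point at the system console. This is how the standard output and standard error could be redirected to a file (to keep program messages on the console, call only System.setErr):

// requires java.io.PrintStream and java.io.FileOutputStream;
// the FileOutputStream constructor can throw FileNotFoundException
PrintStream st = new PrintStream(new FileOutputStream("output.txt"));
System.setErr(st);
System.setOut(st);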

java socket connect read string

Java - create socket connection to HOST:PORT and read message from there
import java.io.*;
import java.net.*;
import java.util.*;

public class Time_Server_Socket_Test_Java {
    public static void main(String[] args) {
        try {
            Socket s = new Socket(HOST, PORT);//use your own HOST:PORT
            try {
                InputStream inStream = s.getInputStream();
                Scanner in = new Scanner(inStream);

                while (in.hasNextLine()) {
                    String line = in.nextLine();
                    System.out.println(line);
                }
            } finally {
                s.close();
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}



How to serialize variables selectively

In a Java class, one has 10 variables. One wants to serialize only 3 variables, how can this be achieved?
-> Mark the variables that are not to be serialized as 'transient'.
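
The serialization rules from the two serialization notes above (transient fields, static fields, and a base class that does not implement Serializable), shown in one runnable program. This is an added example, not code from the original page; the class names, field names and sample values are hypothetical and constructed for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

public class SelectiveSerializationDemo {
    // Base class that does NOT implement Serializable: its fields are never written.
    static class Audit { String createdBy = "unset"; }

    static class Account extends Audit implements Serializable {
        private static final long serialVersionUID = 1L;
        static int instances = 0;      // static: class state, not part of the object stream
        String user;                   // serialized
        String email;                  // serialized
        transient String password;     // transient: skipped, so the secret stays out of the stream

        Account(String user, String email, String password) {
            this.user = user;
            this.email = email;
            this.password = password;
            this.createdBy = "admin-console";
            instances++;
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    static Object deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] bytes = serialize(new Account("alice", "alice@example.com", "s3cret-constructed"));
        Account.instances = 0; // reset, to show that reading the stream does not restore static state
        String raw = new String(bytes, StandardCharsets.ISO_8859_1);
        System.out.println("password value present in stream: " + raw.contains("s3cret-constructed"));
        Account copy = (Account) deserialize(bytes); // bytes were produced locally, so they are trusted
        System.out.println("user=" + copy.user + ", email=" + copy.email);
        System.out.println("password=" + copy.password);       // transient field gets its default value
        System.out.println("createdBy=" + copy.createdBy);     // Audit is rebuilt by its no-arg constructor
        System.out.println("instances=" + Account.instances);  // Account's constructor is not run on read
    }
}
```

Marking a credential field transient keeps it out of any file, cache or network message that carries the serialized object, which is the main security reason to serialize selectively.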