What are the special cases in which serialization cannot happen?
-> There are following scenarios in which serialization cannot happen:
a. Variables are transient.
b. Variables are static.
c. Base class variables are serialized if class itself is serializable.
java prevent sql injection - using PreparedStatement
PreparedStatement is the best way to prevent sql injection in java, rather than escaping strings.
Here's a simple example taking the user's input as the parameters:
public insertUser(String name, String email) {
Connection conn = null;
PreparedStatement stmt = null;
try {
conn = setupTheDatabaseConnectionSomehow();
stmt = conn.prepareStatement("INSERT INTO person (name, email) values (?, ?)");
stmt.setString(1, name);
stmt.setString(2, email);
stmt.executeUpdate();
}
finally {
try {
if (stmt != null) { stmt.close(); }
}
catch (Exception e) {
// log this error
}
try {
if (conn != null) { conn.close(); }
}
catch (Exception e) {
// log this error
}
}
}
No matter what characters are in name and email, those characters will be placed directly in the database. They won't affect the INSERT statement in any way.
There are different set methods for different data types -- which one you use depends on what your database fields are. For example, if you have an INTEGER column in the database, you should use a
setInt
method. The PreparedStatement documentation lists all the different methods available for setting and getting data.redirect message to IO stream
How could Java classes direct program messages to the system console, but error messages, say to a file?
The class System has a variable out that represents the standard output, and the variable err that represents the standard error device. By default, they both point at the system console. This how the standard output could be re-directed:
Stream st = new Stream(new FileOutputStream("output.txt"));
System.setErr(st);
System.setOut(st);
The class System has a variable out that represents the standard output, and the variable err that represents the standard error device. By default, they both point at the system console. This how the standard output could be re-directed:
Stream st = new Stream(new FileOutputStream("output.txt"));
System.setErr(st);
System.setOut(st);
java socket connect read string
Java - create socket connection to HOST:PORT and read message from there
import java.io.*;
import java.net.*;
import java.util.*;
public class Time_Server_Socket_Test_Java {
public static void main(String[] args) {
try {
Socket s = new Socket(HOST, PORT);//use your own HOST:PORT
try {
InputStream inStream = s.getInputStream();
Scanner in = new Scanner(inStream);
while (in.hasNextLine()) {
String line = in.nextLine();
System.out.println(line);
}
} finally {
s.close();
}
} catch (IOException e) {
e.printStackTrace();
}
}
}
How to serialize variables selectively
In a Java class, one has 10 variables. One wants to serialize only 3 variables,how can this be achieved?
->Make variables as 'transient' which are not to be serialized.
->Make variables as 'transient' which are not to be serialized.
Subscribe to:
Posts
(
Atom
)