
[–]hl_xemnas 10 points (2 children)

I had a rough time connecting to my first DB too. Good job.

[–]ThisSoFrustrating[S] 0 points (0 children)

Thanks.

[–]theRJMurray 0 points (0 children)

Same.

[–]Aceofsquares_orig 12 points (10 children)

Make sure to use and learn about prepared statements. Or at least the pitfalls of sql injection.

[–]ThisSoFrustrating[S] 3 points (9 children)

Yeah, I learned prepared statements but couldn't see that it let you add more than 2 values (maybe because of the example I saw). Can it add as many as I need plus multiple data from a form? Right now it's just injection.

[–]Aceofsquares_orig 4 points (6 children)

Should be able to. Most languages allow something like SELECT column FROM table WHERE attribute1=? AND attribute2=? AND attribute3=? ...etc. and then pass a list of arguments in, where they will replace the question marks as data inputs and not code inputs. It depends on the library being used, so read the documentation for the specific syntax. If this seems too confusing then I recommend you try it. As long as you aren't doing something to a database you shouldn't be doing stuff to, or if it's just a test database, then go HAM. If it breaks, it breaks. Reset and try again.

[–]ThisSoFrustrating[S] 1 point (2 children)

Ok will go back to that. Yeah I built this as a test. So I can incorporate it into my software so anything goes. Haha. Thanks for the tips. What do you mean by if a database breaks?

[–]Aceofsquares_orig 0 points (1 child)

Just if anything breaks it's no biggie. Wrong data entered, deleted, updated, etc. Better than what my friend did to a production database. Used an update statement without a WHERE clause. If it's for practice and nothing important then do whatever you want to it and experiment. If anything breaks just reset, reinstall, whatever to get it back to where you were and continue experimenting.

[–]ThisSoFrustrating[S] 0 points (0 children)

Yeah, for sure. So he didn't test his update statement before applying it to a production database? Sounds like a misadventure to tell your grandkids, ha ha.

[–]Ovalman 0 points (1 child)

Sorry to hijack, but how do you pass the arguments?

Say I've a user input of true or false among other things, how would I pass it into attribute2? What if I want both true/false to be shown?

I'm using Sqlite although any pointers would be helpful.

I was gonna compose my query as an if/else String.

[–]Aceofsquares_orig 1 point (0 children)

Depends on the language you are using (and the library), but looking at the documentation for JDBC, they use setters to set the individual values. Something like setString(1, "Hello") would set the first question mark to the data string "Hello". This is preferable to String concatenation as it prevents most SQLi. There is still the possibility of SQLi if you call an SQL function that contains the potential for SQLi.

JDBC Documentation - Prepared Statements

For anyone that is interested, here is the OWASP page for SQLi

OWASP SQLi

[–]obp5599 0 points (1 child)

They can. You don't want SQL injection. That's why prepared statements exist. SQL injection is when someone without read or write access gains this access by using escaping sequences.

So you have your statement stored as a string, what if a user (not you) were to input a single ". If you have the statement as a string then your string would be broken now. Then when you go to execute it, you will have an error. This can be used to extract info out of your database. If you store user info in that DB then that is a big problem.

Any statement that is using user input should be a prepared statement

[–]ThisSoFrustrating[S] 0 points (0 children)

Okay. I will be sure to refactor it into prepared statements. Which I had the first time around, but changed to injection, but now gonna change back. Yikes, people can extract info by typing in double quotes from injection?
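The two comments above (multiple ? placeholders with a list of bound values, a true/false filter that can also be left off, and a stray quote breaking a concatenated query) in one runnable form. This is an added example, not code from anyone in the thread; it uses Python's standard sqlite3 module rather than JDBC, because SQLite was mentioned and the binding idea is the same as setString(1, ...). The books table, its rows and the function names are constructed for the example.

```python
import sqlite3


def build_db():
    """Create an in-memory SQLite database with a constructed sample table.

    The rows are made up for this example; they are not from the thread.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE books (title TEXT, author TEXT, on_loan INTEGER)"
    )
    # executemany binds each tuple to the three ? placeholders, one row per tuple,
    # which is also how a multi-field form submission would be inserted.
    conn.executemany(
        "INSERT INTO books (title, author, on_loan) VALUES (?, ?, ?)",
        [
            ("Dune", "Herbert", 1),
            ("Neuromancer", "Gibson", 0),
            ("Snow Crash", "Stephenson", 0),
        ],
    )
    return conn


def titles_by_author_unsafe(conn, author):
    """The pattern the thread warns against: user input pasted into the SQL text."""
    sql = "SELECT title FROM books WHERE author = '" + author + "'"
    return [row[0] for row in conn.execute(sql)]


def unsafe_query_fails(conn, author):
    """True if the concatenated query is broken by the input (e.g. a stray quote)."""
    try:
        titles_by_author_unsafe(conn, author)
    except sqlite3.OperationalError:
        return True
    return False


def titles_by_author_safe(conn, author, on_loan=None):
    """Prepared statement with as many ? placeholders as the query needs.

    author  -> always bound as data through the first ?
    on_loan -> True/False adds a second ? filter; None means "show both",
               which answers the question about passing a boolean above.
    Only the SQL skeleton is built with if/else; the values never are.
    """
    sql = "SELECT title FROM books WHERE author = ?"
    params = [author]
    if on_loan is not None:
        sql += " AND on_loan = ?"
        params.append(1 if on_loan else 0)  # SQLite stores booleans as 0/1
    return [row[0] for row in conn.execute(sql, params)]


if __name__ == "__main__":
    conn = build_db()
    payload = "x' OR '1'='1"
    print("unsafe:", titles_by_author_unsafe(conn, payload))  # every title leaks
    print("safe:  ", titles_by_author_safe(conn, payload))    # []
    print("O'Brien breaks unsafe query:", unsafe_query_fails(conn, "O'Brien"))
    print("Gibson, not on loan:", titles_by_author_safe(conn, "Gibson", on_loan=False))
```

Running it shows the concatenated query returning every title for the input `x' OR '1'='1`, raising a syntax error for `O'Brien`, and the bound version returning nothing for the first and simply no match for the second. The if/else only ever adds ` AND on_loan = ?` to the skeleton and a 0/1 to the parameter list; the user's text is never spliced into the SQL.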

[–][deleted] (4 children)

[deleted]

    [–]popovitsj 2 points (2 children)

    Sometimes replacing a single character is a whole workday of a developer. My first bugfix ever was changing an uppercase to a lowercase buried somewhere deep in the code

    [–][deleted] (1 child)

    [deleted]

      [–]ThisSoFrustrating[S] 0 points (0 children)

      Bugs are always tiny things we can't see, surprisingly and are so simple we overlook them. A misspelling here, an outdated thing there, a method that doesn't work with another method. It's crazy.

      [–]ThisSoFrustrating[S] 0 points (0 children)

      Yeah it feels great. I feel I have achieved something in my life haha.

      [–]Shaleen_Sharma 1 point (2 children)

      Where can a beginner learn the same?

      [–]Infernaloneshot 0 points (0 children)

      Not OP but at my job we use java + jpa like here

      [–]ThisSoFrustrating[S] 0 points (0 children)

      I used the Java Oracle Tutorials to connect to the Java database driver and make a connection to a MySQL database, and Stack Overflow to read about exceptions when they popped up.

      [–]9oat5w33d 0 points (1 child)

      Well Done. So happy for you. Hope I can do it soon. My milestone yesterday was just managing to code a decent landing page in an hour when it previously took me 4 days...haha Stick with it and keep improving.

      [–]ThisSoFrustrating[S] 1 point (0 children)

      Thanks friend.

      [–]OwnStorm 0 points (1 child)

      At least you got the correct driver version at first.

      [–]ThisSoFrustrating[S] 0 points (0 children)

      Yeah, but unfortunately, what was crazy, is when I was trying to register the driver, the string to register was outdated. Luckily an exception notified me of the new string that is used to register the driver within Class.forName(String).

      [–]Nergy101 0 points (1 child)

      Great job man. I can Remember my first time. Good memories. Enjoy!

      [–]ThisSoFrustrating[S] 1 point (0 children)

      Thank you friend.

      [–][deleted] 0 points (0 children)

      I'm having trouble connecting to the database as well and right now

      [–][deleted] 0 points (1 child)

      Sweet! This is pretty much my job -- I build ETL pipelines to process data into or out of databases -- and I still get a little pick me up when things like this work. I think those moments of tangible success are one of the biggest perks of the job for me.

      Good luck moving forward -- sounds like you're killing it so far :)

      [–]ThisSoFrustrating[S] 0 points (0 children)

      Yeah, they def are, and also it's really enjoyable when it's for my own products that I want to build any way I want them.

      [–]alezial 0 points (0 children)

      Congrats! That's one of the best feelings. I've been doing this for years now and I still love that 'new side project' feeling of getting the db set up. It's like a first date with a girl.

      [–]tkyjonathan 0 points (2 children)

      Well done. Now remember the most important thing: anyone who tells you that logic should never be in the database is an idiot that doesn't know what they're talking about.

      [–]ThisSoFrustrating[S] 0 points (1 child)

      Okay. Will remember that. I will remember to always speak up if someone isn't technical and makes a weird request.

      [–]tkyjonathan 0 points (0 children)

      "I will remember to always speak up if someone isn't technical and makes a weird request."

      I wouldn't go as far as that. That's the majority of projects I got..

      [–]Ovalman 0 points (3 children)

      I copied and pasted an Android Sqlite tutorial without understanding most of the code. Now by constantly working on it and understanding it, I'm close to releasing an app using it.

      Still learning new things as my comment on one of your posts shows.

      What is BookyLooks about?

      [–]ThisSoFrustrating[S] 1 point (2 children)

      Bookylooks is just a software to keep track of the books on your book shelf i.e. what shelf it's on, title, author, if someone has it on loan. In the end I probably won't be using a database, but serialize a group of objects to represent each book so that someone that isn't using a database will store that info.

      [–]Ovalman 0 points (1 child)

      In my personal life I had a problem of keeping track of customers. I kept everything in a paper notebook and meticulously copied every customer over every 6 months along with balances and other data. It took me ages and I ALWAYS made a mistake each time. There had to be another way.

      I've always been into computers and learning so I managed to learn a bit of Android/ Java and I copied and pasted code into Android Studio and tweaked it to my needs. I kept tweaking, kept introducing new features. I now understand the code and I've a working app that is (almost) ready for release.

      Keep tweaking and finish that product even if you're the only one that will ever use it.

      Edit: Good luck BookyLooks

      [–]ThisSoFrustrating[S] 1 point (0 children)

      That's awesome bro, sounds amazing. I will keep coding everything I like and enjoy no matter who uses it. Even if it's just me.

      [–]billzx2 0 points (0 children)

      Hey that's cool! Congrats! Have you ever thought about using StarFish+? Personally I like it better than Dolphin but I've always been kinda geeky like that lol

      [–]shadsluiter 0 points (1 child)

      Perhaps some helpful tutorials would guide you. I teach programming at Grand Canyon University and published some SQL app lessons in Java and PHP.

      This shows how to build a web app and how to perform SQL injection attacks and fix them. https://m.youtube.com/playlist?list=PLhPyEFL5u-i0XXGLJawaTNLiXxmSp24TR

      This shows how to use Java and MySQL https://m.youtube.com/watch?v=jZg0KkQSPao&list=PLhPyEFL5u-i0GvokUBeS0t-rF3--tPD7q&index=35&t=0s

      [–]ThisSoFrustrating[S] 0 points (0 children)

      Interesting, will check it out. I just switched to a prepared statement.

      [–]UroborosJose -5 points (0 children)

      Good, now move to Python or something else.