F28DM Database Connectivity Quiz

Questions and Answers

What type of connection is established between an application program and a DBMS?

Application program connection to DBMS

What is the purpose of a Prepared Statement in Java Database Connectivity?

To improve performance and prevent SQL injection

What is the main concern when using user input in SQL queries, and how can it be prevented?

SQL Injection, and it can be prevented by using Prepared Statements and parameterized queries

What is the purpose of result set processing in database connectivity?

To process the results retrieved from a database query

What is the purpose of indexing in a database, and what type of index does MySQL create?

Indexing improves query performance, and MySQL creates an index on columns used in WHERE, JOIN, and ORDER BY clauses

What is the primary key of the Account table in the given database schema?

accountNo

What is the purpose of the FOREIGN KEY constraint in the Account table?

To establish a relationship between the Account table and the branch table

What is the difference between a vendor-neutral and a vendor-specific driver in the context of database connectivity?

A vendor-neutral driver is a generic driver that can connect to multiple databases, while a vendor-specific driver is specific to a particular database management system

What is the purpose of the Connection Pooling mechanism in database connectivity?

To improve performance by reusing existing connections to the database

What are the steps involved in preparing a statement in JDBC?

Parsing, validation, optimization, and cost estimation

What is the limitation of using static statements in JDBC?

The query is validated and optimized at compile time, which can be a problem if the database schema changes

What is the problem with the ad hoc query String query = "SELECT * FROM Account WHERE accountType = '" + value + "'";?

It is open to any input and vulnerable to SQL injection.

What is the benefit of using prepared statements over ad hoc queries?

They prevent SQL injection by treating user input as a typed value, rather than part of the SQL code.

What is the purpose of the ; character in a malicious SQL injection attack?

It allows multiple commands to be executed.

What is the effect of the malicious input x' OR 'x'='x in a SQL query?

It causes every row to match the query, as X=X is always true.

Why is it recommended to avoid string concatenation when building SQL queries?

It leaves the query open to SQL injection attacks.

What is the benefit of using prepared statements with typed values in preventing SQL injection?

It prevents user input from being executed as SQL code.

What is the purpose of using prepared statements in database connectivity?

To limit the SQL that can be injected and prevent SQL injection attacks.

How can user input be validated to prevent SQL injection attacks?

By escaping characters, replacing ' with \', and converting inputs to the correct type, e.g. numeric input to int.

What is the benefit of limiting database user account privileges?

To prevent unauthorized access to the database and reduce the risk of SQL injection attacks.

What is the difference between a Statement and a PreparedStatement in database connectivity?

A Statement is a simple SQL statement, while a PreparedStatement is a precompiled SQL statement that can be executed multiple times with different parameters.

How can the result set of a database query be processed in Java?

By using a while loop to iterate over the rows of the result set, and using result set metadata to get properties.

Why is it important to use a separate database account for applications?

To prevent unauthorized access to the database and reduce the risk of SQL injection attacks.