Reputation: 31
I am trying to store data in MySQL, with columns 'ingredients' of type VARCHAR, 'recipe' of type TEXT and 'menu_id' of type TINYINT. 'ingredients' and 'recipe' should be viewed, adjusted and saved from a JTextArea.
Each object reference will have a different menu_id that will be used to call methods on. Methods like readCard(int menu_id) or
    public void adjustCard(){
        try{
            String sset;
            // The field values are concatenated directly into the SQL text
            sset = "UPDATE eatingcard " + "SET menu_id = '" + this.menu_id + "'," + "ingredients='" + this.ingredients + "'," + "recipe='" + this.recipe + "' " + "WHERE eatingcard.menu_id = " + this.menu_id;
            // 'statement' is a java.sql.Statement created elsewhere in the class
            statement.executeUpdate(sset);
        }catch(Exception e){
            e.printStackTrace();
            System.out.println("did not update");
        }
    }
Does it make sense to serialize the object, if you only want to change its ingredients and recipe with use of a JButton to save / update changes made? Or should I rely on MySQL to handle all changes without serialization? I don't really see the advantage of serialization in this particular case.
Upvotes: 1
Views: 50
Reputation: 17781
If you have no need to query the data, you can just save the data in a raw form, but I wouldn't recommend that that form be a serialized object. Using a serialized object is far less portable than a more standard interoperable format such as JSON.
In any case, looking at your example, it seems quite likely that you would want to query that data at some point in the future (it could lend itself quite naturally to more structure). e.g. Search on ingredients? recipes? You also may want to update the data in more flexible ways in the future. For example, in a more normalized structure (say an ingredient per row in a table), you could easily add new ingredients. In your model, you would need to pull the whole object back in order to update the ingredients. This would be much less efficient.
Beyond that, and more importantly, it is not safe to just save user input as is into a database. The code you show above suffers from SQL injection. You should consider using prepared statements and bind the parameters so that the input is properly escaped.
Upvotes: 1
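The prepared-statement approach recommended in the answer above, as an added example that is not part of the original posts: the question's `adjustCard()` rewritten with bound parameters. The class name `EatingCard`, the `Connection` argument and the command-line JDBC settings are assumptions; the table and column names come from the question.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class EatingCard {
    // Placeholders keep the SQL text fixed; values travel as bound parameters,
    // so quotes typed into the JTextArea cannot change the statement.
    // menu_id is only used to select the row, so it is not rewritten in SET.
    private static final String UPDATE_SQL =
        "UPDATE eatingcard SET ingredients = ?, recipe = ? WHERE menu_id = ?";

    private final int menuId;
    private final String ingredients;
    private final String recipe;

    public EatingCard(int menuId, String ingredients, String recipe) {
        this.menuId = menuId;
        this.ingredients = ingredients;
        this.recipe = recipe;
    }

    /** Returns true when the driver reports exactly one row for the update. */
    public boolean adjustCard(Connection conn) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(UPDATE_SQL)) {
            ps.setString(1, ingredients);
            ps.setString(2, recipe);
            ps.setInt(3, menuId); // TINYINT column
            return ps.executeUpdate() == 1;
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumed: JDBC URL, user and password as arguments, MySQL driver on the classpath
        if (args.length != 3) {
            System.err.println("usage: EatingCard <jdbc-url> <user> <password>");
            return;
        }
        // Constructed sample input: the apostrophes would break the concatenated query
        EatingCard card = new EatingCard(1, "baker's yeast, 1 tsp", "Mix; rest 'overnight'.");
        try (Connection conn = DriverManager.getConnection(args[0], args[1], args[2])) {
            System.out.println(card.adjustCard(conn) ? "updated" : "did not update");
        }
    }
}
```

Letting `SQLException` propagate instead of catching `Exception` lets the Swing code that handles the JButton decide how to report a failed save.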