Reputation: 303
I have a REST service that retrieves data from a database and returns it to the client. I want the client that is invoking the service to pass parameters to use them in the SQL select query, and display the server output in the console. This is what I've managed to do:
```java
@GET
@Path("Result")
@Produces("application/json")
public String getPerson(@QueryParam("nom") String nom, @QueryParam("prenom") String prenom) {
    ArrayList<Persons> persons = new ArrayList<Persons>();
    Persons person = new Persons();
    String query = "Select * from persons where nom=' " + nom + "' and prenom ='" + prenom + "'";
    System.out.println(query);
    bdcon = new BDConnexion();
    try {
        conn = BDConnexion.ConnecterBD();
        res = bdcon.getResultSet(query, conn);
        while (res.next()) {
            person.setNom(res.getString(1));
            person.setPrenom(res.getString(2));
            persons.add(person);
        }
    } catch (SQLException ex) {
        Logger.getLogger(PersonService.class.getName()).log(Level.SEVERE, null, ex);
    }
    String json = new Gson().toJson(persons);
    return json;
}
```
REST client:
```java
Client client = Client.create();
WebResource webresource = client.resource("http://localhost:8080/PersonServ/rest/Persons/Result")
        .queryParam("nom", nom)
        .queryParam("prenom", prenom);
ClientResponse response = webresource.accept("application/json").get(ClientResponse.class);
if (response.getStatus() != 200) {
    throw new RuntimeException("Failed : HTTP error code : "
            + response.getStatus());
}
String output = response.getEntity(String.class);
System.out.println("Output from Server .... \n");
System.out.println(output);
```
I'm not getting any errors but the client class is not displaying any results. Can anyone help me?
Upvotes: 1
Views: 5161
Reputation: 23361
As discussed in the comments, the actual problem is in the query. There are a few things that should be fixed as well.
First:
```java
String query = "Select * from persons where nom=' " + nom + "' and prenom ='" + prenom + "'";
                                                ^
                                                |_ There is an extra space here. Take it out
```
But this is just to show you that you should be aware of the problems that come with concatenating parameters in a query.
Second: Your code is prone to SQL injection, as mentioned by @peeskillet in the comments. In order to avoid that you should use prepared statements, something like this:
```java
conn = BDConnexion.ConnecterBD();
String selectSQL = "select * from persons where nom=? and prenom=?";
PreparedStatement preparedStatement = conn.prepareStatement(selectSQL);
// The driver binds the values; they are never spliced into the SQL text
preparedStatement.setString(1, nom);
preparedStatement.setString(2, prenom);
// No SQL argument here: executeQuery(String) on a PreparedStatement throws SQLException
ResultSet rs = preparedStatement.executeQuery();
while (rs.next()) {
    ....
```
Don't forget to close the resources and the connection in the finally block of your try.
Third: Initialize the Persons person = new Persons(); inside the while loop. Java works with references, so instantiating it outside of the loop will result in a list filled with objects pointing to the same reference, which means every object in your list ends up with the same values (the last one of the loop).
Upvotes: 1
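The three points above combined into one service method, as an added example that is neither the asker's nor the answerer's code. It assumes BDConnexion.ConnecterBD() returns a java.sql.Connection, that the persons table has columns named nom and prenom, and that Persons has the setNom/setPrenom setters used in the question; WebApplicationException is from the JAX-RS API the question already uses.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ws.rs.*;
import javax.ws.rs.core.Response;
import com.google.gson.Gson;

@Path("Persons")
public class PersonService {
    @GET
    @Path("Result")
    @Produces("application/json")
    public String getPerson(@QueryParam("nom") String nom, @QueryParam("prenom") String prenom) {
        List<Persons> persons = new ArrayList<>();
        // Placeholders: the driver binds nom/prenom as data, so a quote or
        // "' or 1=1 --" in a parameter cannot change the query's structure.
        String selectSQL = "SELECT nom, prenom FROM persons WHERE nom = ? AND prenom = ?";
        // try-with-resources closes ResultSet, PreparedStatement and Connection
        // (in reverse order) whether the query succeeds or throws: the "finally"
        // the answer asks for, without writing it by hand.
        // Assumption: ConnecterBD() returns a java.sql.Connection.
        try (Connection conn = BDConnexion.ConnecterBD();
             PreparedStatement ps = conn.prepareStatement(selectSQL)) {
            ps.setString(1, nom);
            ps.setString(2, prenom);
            try (ResultSet rs = ps.executeQuery()) { // no SQL string argument here
                while (rs.next()) {
                    // A fresh object per row; reusing one instance would leave every
                    // list entry pointing at the same Persons with the last row's values.
                    Persons person = new Persons();
                    person.setNom(rs.getString("nom"));
                    person.setPrenom(rs.getString("prenom"));
                    persons.add(person);
                }
            }
        } catch (SQLException ex) {
            Logger.getLogger(PersonService.class.getName()).log(Level.SEVERE, null, ex);
            // Log the driver error server-side, but do not echo SQL details to the client.
            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
        }
        return new Gson().toJson(persons);
    }
}
```

With the original client unchanged, the printed output is a JSON array with one distinct entry per matching row, which also makes the "no results" symptom easy to tell apart from the server returning an empty list.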