I'm working on creating a checkbook app for android using a database to record transactions. The design I'd envisioned was/is to allow the user the ability to create different "accounts" (savings account, checking account, etc) under whatever name they choose and use that as the database table name. However, using preparedStatements doesn't work when I try to create a table. So I'm wondering if I'm going to need to sanitize the input manually or if I'm missing something. This is my first Java/android database program and I've got no formal education in databases so its possible I completely missed something. **edited to reflect more accurately what I meant by account. As this will be on an android device I have no interest in multiuser setup.
Probably, you don't need a table for each user. You should revise your database structure.
Related
I'm currently developing an app that lets you create and save excercises and routines for the gym. I want the app to come with some example excercises and routines and also to give the user the ability to add his own.
The thing is, I know I can use "getFilesDir()" and save it in the internal memory, but if I do that, how do I put my example files also in the internal memory? I don't think I can do that without creating those files by code everytime the app runs. I've also tried putting the example excercises in "res/raw" but then the ones the user adds go to a different place and I don`t know if that's good practice, apart from just how annoying it is having to read them from different places.
Where would be the best place to put those excercises and routines files?
Thank you very much!
The best practice is to store data inside "Sqlite Database".
"Sqlite Database" is the internal database that android provides to store data locally and is easy to use.
It's queries are easy to implement. It is more easy to work on, if you have worked on any database before. Just create a "Database Helper" class and initiate inside the activity where you plan to store data.
Many big applications like "whatsapp", use this database to store data on user's device.
The plus point of using "Sqlite" is that, you can iterate through each and every data easily.
It is quick, easy to work and is also a good programming practice. It is also secure.
While using a sqlite database for managing your app data is the traditional
approach, there are also alternatives to it. Realm is such an alternative. You can check the comparison with sqlite and see if it meets your need.
https://realm.io/
In Android development, you can store locally and as well as remotely. This link will walk you through all possible ways to store data.
As per your requirement, I would recommend you got for SQLite Database provided especially for android as it is light weight. Sqlite queries are straightforward and easy to use with some APIs comes with the package. you can start with this link with Sqlite.
I suggest using Firebase to store your data. Not only it is online and realtime, it can also work in offline mode and sync later. Because you're developing a gym app, why not give it an online or offline capability? I think users prefer it that way. You can check it at firebase.google.com
This is more just a general thought and speculation from my side, being a student of Computer science.
Lets set the scene:
Lets assume that I have created a wonderful application in Java that I plan on selling in the future. The java application has a complex structure and uses connections to a database using JDBC etc to connect to the DB, get the information from some table in the DB and then work with that data.
To be able to connect the Java program to the DB i have to give the program some information of the DB such as the link, username to the DB and its password.
My DB holds alot of information that I do not want others to see without authority.
But these informations are clearly visible in the java code i created. How sure can I be that no one can access this information after the app has been compiled into a JAR file or a .EXE file?
This might be a dumb question, but I'm just curious.
Thanks
Don't compile the user & password values into your Java application. Write your application with the ability to read those values from an external properties file. Then it's your customers' responsibility to restrict access to that file so only trusted users can read or alter it.
Security concerns aside, configuration such as DB connection strings, usernames and passwords is not part of the shipped application but an installation specific setup. All the application needs to do, is to expose a simple way for the end users to spell out these settings (e.g. property files, xml, etc...).
With this approach, it is the users responsibility to secure usernames and passwords.
Short answer, you can't. If it's in the jar or exe, it will be visible. Your best bet is to encrypt the compiled files.
There is really no possible way to prevent someone from decompiling your code back to something akin to its original state. You could make it more difficult, but if someone is determined, they can get it back to code form. As such the correct response is to not put any sensitive information into your java code. Put it somewhere else.
In this case, you might consider moving the information you want to client to access in your DB to a different DB, that doesn't contain sensitive information. Alternatively, if your database software allows it, create a new user on the DB, that only has access to the data the client will view, and use that login in your java program.
EDIT: mysql users
To create a new user in mysql run the following command:
CREATE USER 'username'#'hostname' IDENTIFIED BY 'password';
if you want the same user to be accessibble from any host replace hostname with %
This user is created with no permissions by default, so now onto adding permissions. Here is an example
GRANT [permission_level] ON database.table TO 'username'#'hostname';
Replace the table name with * to specify every table in the database.
for a full explanation of the syntax of these options look here: CREATE, GRANT
This should help you restrict who can access what in your mysql database.
I was wondering if anyone could give me any advice to this project I have been given for the next week and a half.
The goal is to make a simple, informal windows CRM application with database to record customer call times, names, company name, follow up time, etc.
I was planning to create it in Java, do I need to create an installer/installation exe file/build using maven? Or would MS .Net be a better application to create it?
I need a search functionality which will search all entries to the database for key word, then pull back the information, i.e. if Joe rang with an enquiry about his order, assistant could search for "Joe" and pull back all rows with Joe in it, and assistant can see what the order was from the data displayed.
The System also needs to have a username and password to log in. For the meantime, saving the database locally is ok, but then maybe branch onto saving the database to the public drive then have different logins for staff members.
Do you think this kind of project would be feasible in the time frame, or any advice for my approach for development/structure of database?
Can this all be done simpler with MS Access?
Thanks for any help!
I have an application which supports multiple accounts (max 8). These accounts are local to the app. Each account has the following parts
Name of Site
Site tel number
type of control
username
pass
Currently I plan to implement them by using shared preferences. I will define keys for all the elements of 8 groups and save/retrieve them using shared preferences. I would like to know is this a good approach or should I use another approach?
Thanks in advance
It is better to use SQLite database for implementing your requirement. The main advantages of using this is
1. Can check username and password in easy way.
2. Can add more users in future.
SQLite Tutorial
'SharedPreferences' are stored in the data directory for the app, but if the user has a rooted device, this file can easily be accessed and read with just a text editor.
For storing account information, you should look into using MySQLi and data encryption.
As you have limited number of accounts and just a few settings for your accounts, that will work ok for you as you have up to 40 settings to save. It won't cause performance problems and you can write some kind helper class to manage those shared properties easier.
You should think about whether you want to increase the number of accounts in the future. If this is the case, you should consider SQLite database.
I'm writing a small app to play music. My target is Android API level 7 and up.
The app should only list and play music that has been tagged with a specific set of genres chosen by the user via the preferences, e.g. "Pop", "Rock", "Hillbilly".
Right now I'm trying to find an efficient way to find all album ids and album names that contain tracks which are tagged with the chosen genres.
This is easy in SQL. The phone stores the media meta data in an sqlite database. I have found it on the phone's internal memory, copied it via adb and tried some sqlite queries on it. The resulting query is an SQL one-liner with a chain of joins and it works fine.
This seems to be more difficult in Java with the Android SDK, at least with API level 7 and up. I can use managedQuery on the MediaStore to do some limited SQL syntax on that same underlying database, but if I understand things correctly there is no JOIN and no DISTINCT when using this API.
Also I may have overlooked this, but MediaStore allows me to search for all tracks of one genre, but not for all tracks of several genres in a single query.
So this all gets a bit of manual work in java. The program now has to do several managedQuery() calls for each genre and the program has to join the results and make them distinct with java, outside of sqlite (where this work belongs).
Is this really how it has to be done? Is there no way to just send a raw query to the sqlite database file?
Thanks!
No you can not directly access the underlying structure of the database -- in fact you have no way to know the actual structure of the database, it has changed across platform versions. The only direct queries you can do are the ones provided through the MediaStore protocol of the content provider.