zapytania wg ID i wg nazwy - zwykły SQL

PC30-SklepSpring/src/main/java/sklep/controller/ProductController.java

@@ -2,6 +2,7 @@ package sklep.controller;
 
 import java.sql.Connection;
 import java.sql.DriverManager;
+import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
@@ -10,7 +11,9 @@ import javax.sql.DataSource;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 
 @Controller
@@ -23,9 +26,10 @@ public class ProductController {
 	public String wszystkieProdukty() {
 		StringBuilder sb = new StringBuilder();
 		
+		final String sql = "SELECT * FROM products ORDER BY product_id";
 		try(Connection c = dataSource.getConnection();
-			Statement stmt = c.createStatement();
-			ResultSet rs = stmt.executeQuery("SELECT * FROM products ORDER BY product_id")) {
+			PreparedStatement stmt = c.prepareStatement(sql);
+			ResultSet rs = stmt.executeQuery()) {
 			
 			while(rs.next()) {
 				sb.append("* produkt ")
@@ -41,4 +45,57 @@ public class ProductController {
 		return sb.toString();
 	}
 
+	@RequestMapping(path="/products/{id}", produces="text/plain")
+	@ResponseBody
+	public String jedenProdukt(@PathVariable int id) {
+		StringBuilder sb = new StringBuilder();
+		
+		final String sql = "SELECT * FROM products WHERE product_id = ?";
+		try(Connection c = dataSource.getConnection();
+			PreparedStatement stmt = c.prepareStatement(sql)) {
+			stmt.setInt(1, id);
+			try(ResultSet rs = stmt.executeQuery()) {
+				if(rs.next()) {
+					sb.append("Znaleziony produkt:\n")
+						.append(rs.getString("product_name"))
+						.append(" za cenę ")
+						.append(rs.getBigDecimal("price"))
+						.append('\n');
+				} else {
+					sb.append("Nie ma produktu o numerze ").append(id);
+				}
+			}
+		} catch (SQLException e) {
+			e.printStackTrace();
+			sb.append("Błąd: " + e);
+		}
+		return sb.toString();
+	}
+	
+	@RequestMapping(path="/products/szukaj", produces="text/plain")
+	@ResponseBody
+	public String wyszukajProdukty(@RequestParam String name) {
+		StringBuilder sb = new StringBuilder();
+		
+		final String sql = "SELECT * FROM products WHERE product_name = ? ORDER BY product_id";
+		try(Connection c = dataSource.getConnection();
+			PreparedStatement stmt = c.prepareStatement(sql)) {
+			
+			stmt.setString(1, name);
+		
+			try(ResultSet rs = stmt.executeQuery()) {
+				while(rs.next()) {
+					sb.append("* produkt ")
+						.append(rs.getString("product_name"))
+						.append(" za cenę ")
+						.append(rs.getBigDecimal("price"))
+						.append('\n');
+				}
+			}
+		} catch (SQLException e) {
+			e.printStackTrace();
+			sb.append("Błąd: " + e);
+		}
+		return sb.toString();
+	}
 }

PC30-SklepSpring/src/main/webapp/WEB-INF/templates/index.jsp

@@ -28,7 +28,7 @@
 <li><a href="/products">products</a> - wszystkie produkty</li>
 <li><a href="/products/1">products/1</a> - jeden produkt</li>
 <li><a href="/products/9">products/9</a> - nieistniejący produkt</li>
-<li><a href="/wyszukiwarka">wyszukiwarka</a></li>
+<li><a href="/products/szukaj">wyszukiwarka</a></li>
 <li><a href="/products/new">nowy produkt</a></li>
 <li><a href="/products/1/edit">edycja produktu</a></li>
 </ul>