Re: JDBC: getMoreResults() versus rs.next() & autoGeneratedKeys

From:

=?ISO-8859-1?Q?Arne_Vajh=F8j?= <arne@vajhoej.dk>

Newsgroups:

comp.lang.java.programmer

Date:

Sun, 11 May 2014 22:10:01 -0400

Message-ID:

<53702d7b$0$293$14726298@news.sunsite.dk>

On 3/12/2014 11:23 PM, firstsql@gmail.com wrote:

On Friday, December 20, 2013 6:07:04 AM UTC-8, Andreas Leitgeb wrote:

When would one call .getMoreResults() on a statement instead of just
another rs.next() on the first one (obtained from stmnt.getResultSet())?
Are these equivalent, or is there really a concept of multiple ResultSets,
each of which has its own independent set of rows?

Yes, there is the concept of multiple independent ResultSets.

Seeing the comments elsewhere in this thread, I was kind of
surprisedthat stored procedures returning multiple ResultSets was
somewhat obscure and that Oracle doesn't support them.

I was also under the apparently mistaken impression that passing
multiple statements (optionally separated by semi-colons or whatever)
to a single executeXXX(), or whatever, was reasonably well supported.
This case allows not just multiple queries but also a mixture of
statements: query, update, control and even DDL, returning multiple
'results', instead of just multiple ResultSets.

Allowing multiple SQL statements in a single execute can make
SQL injection much worse.

I would consider it a security flaw.

And it is not widely supported.

A quick test shows that the following does not allow it:
- MySQL by default
- Oracle
- DB2
- H2
- Derby/JavaDB
and only the following allow it:
- SQLServer
- MySQL with allowMultiQueries=true

Arne