Add support of java.sql.PreparedStatement to HoptimatorConnection (#139)

This is to add another option to send SQL statements with many advantages, particularly preventing SQL injection attacks:
https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html

Author: nguyent8

hoptimator-jdbc/src/main/java/com/linkedin/hoptimator/jdbc/HoptimatorConnection.java

@@ -1,5 +1,6 @@
 package com.linkedin.hoptimator.jdbc;
 
+import java.sql.PreparedStatement;
 import java.sql.SQLException;
 import java.sql.Statement;
 import java.util.ArrayList;
@@ -32,6 +33,11 @@ public Statement createStatement() throws SQLException {
     return connection.createStatement();
   }
 
+  @Override
+  public PreparedStatement prepareStatement(String sql) throws SQLException {
+    return connection.prepareStatement(sql);
+  }
+
   public Properties connectionProperties() {
     return connectionProperties;
   }

hoptimator-jdbc/src/test/java/com/linkedin/hoptimator/jdbc/JdbcTestBase.java

@@ -2,6 +2,7 @@
 
 import java.sql.Connection;
 import java.sql.DriverManager;
+import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
@@ -34,8 +35,10 @@ protected void sql(String sql) throws SQLException {
   }
 
   protected void assertQueriesEqual(String q1, String q2) throws SQLException {
-    List<Object[]> res1 = query(q1);
-    List<Object[]> res2 = query(q2);
+    assertResultSetsEqual(query(q1), query(q2));
+  }
+
+  protected void assertResultSetsEqual(List<Object[]> res1, List<Object[]> res2) {
     Assertions.assertEquals(res1.size(), res2.size(), "ResultSets are not the same size");
     for (int i = 0; i < res1.size(); i++) {
       Assertions.assertArrayEquals(res1.get(i), res2.get(i), "Rows did not match at row #" + i);
@@ -53,17 +56,31 @@ protected void assertQueryNonEmpty(String q) throws SQLException {
   }
 
   protected List<Object[]> query(String query) throws SQLException {
-    List<Object[]> results = new ArrayList<>();
     try (Statement stmt = conn.createStatement()) {
       ResultSet cursor = stmt.executeQuery(query);
-      while (cursor.next()) {
-        int n = cursor.getMetaData().getColumnCount();
-        Object[] row = new Object[n];
-        for (int i = 0; i < n; i++) {
-          row[i] = cursor.getObject(i + 1);
-        }
-        results.add(row);
+      return buildRows(cursor);
+    }
+  }
+
+  protected List<Object[]> queryUsingPreparedStatement(String query, List<String> params) throws SQLException {
+    try (PreparedStatement stmt = conn.prepareStatement(query)) {
+      for (int i = 0; i < params.size(); i++) {
+        stmt.setString(i + 1, params.get(i));
+      }
+      ResultSet cursor = stmt.executeQuery();
+      return buildRows(cursor);
+    }
+  }
+
+  private static List<Object[]> buildRows(ResultSet cursor) throws SQLException {
+    List<Object[]> results = new ArrayList<>();
+    while (cursor.next()) {
+      int n = cursor.getMetaData().getColumnCount();
+      Object[] row = new Object[n];
+      for (int i = 0; i < n; i++) {
+        row[i] = cursor.getObject(i + 1);
       }
+      results.add(row);
     }
     return results;
   }

hoptimator-jdbc/src/test/java/com/linkedin/hoptimator/jdbc/TestBasicSql.java

@@ -1,5 +1,7 @@
 package com.linkedin.hoptimator.jdbc;
 
+import java.util.Arrays;
+
 import org.junit.jupiter.api.Test;
 
 
@@ -21,6 +23,8 @@ public void insertIntoSelectFrom() throws Exception {
     sql("CREATE TABLE T2 (A VARCHAR, B INT)");
     sql("INSERT INTO T2 SELECT * FROM T1");
     assertQueriesEqual("SELECT * FROM T1", "SELECT * FROM T2");
+    assertResultSetsEqual(query("SELECT * FROM T1 WHERE X = 'one'"),
+        queryUsingPreparedStatement("SELECT * FROM T1 WHERE X = ?", Arrays.asList("one")));
     sql("DROP TABLE T1");
     sql("DROP TABLE T2");
   }