0

In my project i need to create a file for each student and i thinki have the method created, here it is below

    public addStudent(String fullName, int grn, String formClass, String formTeacher)
    {
        //Default values
        int creativity = 0;
        int action = 0;
        int service = 0;
        int total = 0;

        //Initialize File
        RandomAccessFile adding     = new RandomAccessFile(new File(fullName + ".dat"), "rw");
        long fileSize = adding.length();
        adding.seek(fileSize);

        //Variables from Method
        adding.writeUTF(fullName + "\n");
        adding.writeInt(grn + "\n");
        adding.writeUTF(formClass  + "\n");
        adding.writeUTF(formTeacher  + "\n");

        //Variables created in method
        adding.writeInt(creativtiy + "\n");
        adding.writeInt(action + "\n");
        adding.writeInt(service + "\n");
        adding.writeInt(total + "\n");

        adding.close();
}

I just keep thinking that its not right and would like some clarification about certain parts such as this line

    RandomAccessFile adding     = new RandomAccessFile(new File(fullName + ".dat"), "rw");

fullname is a variable that is passed into the method and it is the name and surname of a student (ex: John Lennon). What i want to do is have the file named "John Lennon.dat". however i keep thinking my approach here is wrong.

Another question is about the integer values. they will be updated from time to time, but by simple addition of current+new. How do i do that?

Vincent Frodont
  • 11
  • 1

1 Answers1

0

  1. You have to be carefull if you use possible user input (fullname) unfiltered for naming your files. This can lead to a security hole. You should check fullname for special characters which are not allowed in your file system or would change your directory. Imagine someone could input ../importantfile as fullname and without checking it is possible to overwrite some important files in other directories. The safest way is to use some generic name schema for your files (like data1.dat, data2.dat and to store the relation fullname to filename in another place (maybe a file index.dat).

  2. I assume you have a good reason to use a RandomAccessFile here. According to your code it is possible to have more than one record in one file. If you do not store the record's starting position at another location then you have to read one record after another. If you found your record to change then you have to read in all fields before your integer value so that your file position points to the integer start position. Then you can read your integer, change the value, move your file position 4 bytes back (seek(-4)). Then you can write your modified integer value.

Alternatives:

  • You can read the whole file in, modify the integer values and then create the whole file new and overwrite the old. For short files this could be less complex without a significant performance penalty (but this depends, if you have thousand files to change in a short time, this alternative is not recommended).
  • You can store the file positions of your integer values in another place and use these to directly access these values. This only works if your strings are immutable.
  • You can use an alternative file format like XML, JSON or serialized objects. But all of these doesn't support in situ changes.
  • You can use an embedded database like SQLite or H2 and let the database care about file access and indexing.
vanje
  • 10,180
  • 2
  • 31
  • 47