Differences between statement and preparedstatement

Source: Internet
Author: User
1. preparedstatement is pre-compiled, which greatly improves the efficiency of batch processing.
JDBC Stored Procedure 2. Use the statement object. When only one-time access is performed to the database, statement is used.
Object. The overhead of the preparedstatement object is greater than that of the statement object, which does not bring additional benefits to one-time operations. 3. Each time statement executes an SQL statement, the relevant database must compile the SQL statement. preparedstatement is pre-compiled,
Preparedstatement supports batch processing. 4. code fragment 1: String updatestring = "Update coffees set sales = 75
"+" Where cof_name like
'Colombian ′";
Stmt.exe cuteupdate (updatestring );

Code
Fragment 2:

Preparedstatement updatesales =
Con. preparestatement ("Update coffees set sales =? Where cof_name like?
");
Updatesales. setint (1, 75 );
Updatesales. setstring (2,
"Colombian ");
Updatesales.exe cuteupdate ();

The difference between Segment 2 and segment 1 is that the latter uses the preparedstatement object, while the former is a common statement object. The preparedstatement object not only contains the SQL statement, but also has been pre-compiled in most cases. Therefore, when executing the statement, you only need to run the SQL statement in the DBMS instead of compiling it first. When you need to execute the statement object multiple times, the preparedstatement object will greatly reduce the running time and, of course, speed up database access.
This conversion also brings you great convenience. You do not have to repeat the syntax of SQL statements. Instead, you only need to change the value of the variable to execute the SQL statement again. Whether the preparedstatement object is selected depends on whether the SQL statements with the same syntax are executed multiple times, and the difference between the two statements is only the difference between variables. If it is executed only once, it should be no different from ordinary objects, and it does not reflect the superiority of its pre-compilation. 5. Execute JDBC statements for many SQL statementsProgramGenerate a large number of statement and preparedstatement objects. The preparedstatement object is generally considered to be more effective than the statement object, especially when the same SQL statement with different parameters is executed multiple times. The preparedstatement object allows the database to pre-compile SQL statements, saving time and increasingCodeReadability.

However, in the Oracle environment, developers are actually more flexible. When statement or preparedstatement object is used, the Oracle database caches SQL statements for later use. In some cases, execution of the preparedstatement object takes a longer time because the drive itself requires additional processing and added network activity between the Java application and the Oracle server.

However, in addition to buffering, there is at least one better reason for us to prefer preparedstatement objects in enterprise applications, that is, security. Parameters passed to the preparedstatement object can be forcibly converted, so that developers can ensure that they match the underlying database format when inserting or querying data.

When processing data from users on a public web site, security issues become extremely important. The string parameter passed to preparedstatement is automatically ignored by the drive. In the simplest case, this means that when your program tries to insert the string "D 'Angelo" into varchar2, this statement will not recognize the first ",", this leads to a miserable failure. There is almost no need to create your own strings to ignore the code.

In the web environment, malicious users use applications that are poorly designed and cannot correctly process strings. Especially on public websites, all user input should not be passed to SQL statements without preparedstatement object processing. In addition, SQL statements should not be displayed when users have the opportunity to modify SQL statements, such as HTML hidden areas or a query string.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.