Statement
Statement is the basic way for Java to perform database operations: it sends SQL statements to the database over a Connection that has already been established. A Statement object executes a simple, static SQL statement with no parameters and returns the result it produces.
By default, each Statement object can have only one ResultSet open at a time. If you need to read two ResultSets at the same time, they must come from different Statement objects. All execution methods in the Statement interface implicitly close the statement's currently open ResultSet, if there is one.
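The one-open-ResultSet rule in code, as an added example that is not part of the original post. It assumes an embedded H2 in-memory database (jdbc:h2:mem:) with its JDBC driver on the classpath; any JDBC driver is required to behave the same way under the JDBC contract.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Shows that a Statement owns at most one open ResultSet, and that two
// concurrently readable ResultSets need two Statement objects.
// Assumption (not from the original page): H2 in-memory DB and driver available.
public class StatementResultSetDemo {
    public static void main(String[] args) throws SQLException {
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:demo");
             Statement setup = conn.createStatement()) {
            setup.executeUpdate("CREATE TABLE users(id INT PRIMARY KEY, name VARCHAR(50))");
            setup.executeUpdate("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");

            // Same Statement: executing a second query implicitly closes the first ResultSet.
            try (Statement st = conn.createStatement()) {
                ResultSet first = st.executeQuery("SELECT name FROM users WHERE id = 1");
                ResultSet second = st.executeQuery("SELECT name FROM users WHERE id = 2");
                // Per the JDBC contract 'first' is now closed; reading it would throw SQLException.
                System.out.println("first ResultSet closed after second query: " + first.isClosed());
                if (second.next()) {
                    System.out.println("second row: " + second.getString("name"));
                }
            }

            // Two Statements: both ResultSets stay open and can be read side by side.
            try (Statement st1 = conn.createStatement();
                 Statement st2 = conn.createStatement();
                 ResultSet rs1 = st1.executeQuery("SELECT name FROM users WHERE id = 1");
                 ResultSet rs2 = st2.executeQuery("SELECT name FROM users WHERE id = 2")) {
                while (rs1.next() && rs2.next()) {
                    System.out.println(rs1.getString(1) + " / " + rs2.getString(1));
                }
            }
        }
    }
}
```

Try-with-resources closes the Statements (and therefore their ResultSets) in reverse order, which is the habit that avoids leaked cursors in long-running services.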
A Statement object is used to send SQL statements to the database. There are actually three kinds of Statement objects, each acting as a container for executing SQL on a given Connection: Statement, PreparedStatement (which extends Statement) and CallableStatement (which extends PreparedStatement). Each is dedicated to a specific type of SQL statement: a Statement object executes a simple SQL statement; a PreparedStatement object executes a precompiled SQL statement with or without IN parameters; a CallableStatement object executes a call to a stored procedure that already exists in the database.
The Statement interface provides the basic methods for executing statements and retrieving results. The PreparedStatement interface adds methods for handling IN parameters, and CallableStatement adds methods for handling OUT parameters.
PreparedStatement
A PreparedStatement object holds a precompiled statement, so it executes faster than a Statement object. How much of that precompilation really happens on the server depends on the driver and the database (some drivers emulate it on the client unless configured otherwise). SQL statements that are executed many times should therefore be created as PreparedStatement objects to improve efficiency.
As a sub-interface of Statement, PreparedStatement inherits all the functionality of Statement. It also adds a whole set of setXxx methods for supplying the values that are sent to the database in place of the IN parameter placeholders.
CallableStatement
The CallableStatement object provides a standard way to invoke stored procedures on any DBMS. Stored procedures live in the database; the call to the stored procedure is the content held by the CallableStatement object. The call is written in JDBC escape syntax and comes in two forms: one with a result parameter and one without. The result parameter is an output (OUT) parameter that holds the return value of the stored procedure. Both forms can have a variable number of input (IN), output (OUT) or input/output (INOUT) parameters. A question mark is used as the placeholder for each parameter.
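Both call forms and all three parameter modes, as an added example that is not code from the original post. The procedure and function names are hypothetical: it assumes the database already defines a procedure count_users(IN dept VARCHAR, OUT cnt INT), a function next_id() returning an INT, and a procedure adjust_balance(INOUT amount DECIMAL), and that the JDBC URL and credentials are passed on the command line.

```java
import java.math.BigDecimal;
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Types;

// Assumed (hypothetical) database objects, not from the original page:
//   PROCEDURE count_users(IN dept VARCHAR, OUT cnt INT)
//   FUNCTION  next_id() RETURNS INT
//   PROCEDURE adjust_balance(INOUT amount DECIMAL)
public class CallableStatementDemo {

    // Form without a result parameter: one IN and one OUT parameter.
    static int countUsers(Connection conn, String dept) throws SQLException {
        try (CallableStatement cs = conn.prepareCall("{call count_users(?, ?)}")) {
            cs.setString(1, dept);                      // IN: bound like any PreparedStatement value
            cs.registerOutParameter(2, Types.INTEGER);  // OUT: must be registered before execute()
            cs.execute();
            return cs.getInt(2);                        // read the OUT value after execution
        }
    }

    // Form with a result parameter: "? = call ..." and the return value lands in index 1.
    static int nextId(Connection conn) throws SQLException {
        try (CallableStatement cs = conn.prepareCall("{? = call next_id()}")) {
            cs.registerOutParameter(1, Types.INTEGER);
            cs.execute();
            return cs.getInt(1);
        }
    }

    // INOUT parameter: set the input value AND register the same index as an output.
    static BigDecimal adjustBalance(Connection conn, BigDecimal amount) throws SQLException {
        try (CallableStatement cs = conn.prepareCall("{call adjust_balance(?)}")) {
            cs.setBigDecimal(1, amount);
            cs.registerOutParameter(1, Types.DECIMAL);
            cs.execute();
            return cs.getBigDecimal(1);
        }
    }

    public static void main(String[] args) throws SQLException {
        if (args.length < 3) {
            System.err.println("usage: CallableStatementDemo <jdbc-url> <user> <password>");
            return;
        }
        try (Connection conn = DriverManager.getConnection(args[0], args[1], args[2])) {
            System.out.println("users in engineering: " + countUsers(conn, "engineering"));
            System.out.println("next id: " + nextId(conn));
            System.out.println("adjusted: " + adjustBalance(conn, new BigDecimal("100.00")));
        }
    }
}
```

The IN arguments of a stored-procedure call are bound the same way as PreparedStatement parameters, so a CallableStatement carries the same protection against injection as a PreparedStatement; forgetting registerOutParameter is the classic mistake and surfaces as an SQLException on execute().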
Statement or PreparedStatement?
Performance: reading other people's code, you will see that most of it uses PreparedStatement. A PreparedStatement executes a precompiled statement: the database compiler compiles it once and caches the execution code, so on later calls the same precompiled statement does not need to be compiled again. For inserting many rows of different data, use PreparedStatement.
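The "prepare once, bind many times" pattern described above and the setXxx methods that fill the IN placeholders, as an added example that is not part of the original post. It assumes an H2 in-memory database and its JDBC driver; the rows it inserts are constructed sample data.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.Timestamp;
import java.time.Instant;

// Prepare once, bind many times: the SQL text never changes, only the bound values do.
// Assumption (not from the original page): H2 in-memory DB and driver on the classpath.
public class PreparedStatementReuseDemo {
    // Constructed sample rows (id, actor, score); not real data.
    private static final Object[][] ROWS = {
        {1, "alice", 42},
        {2, "bob", 17},
        {3, "carol", 99},
    };

    // Inserts every row through one PreparedStatement and returns the number of rows inserted.
    static int insertAll(Connection conn) throws SQLException {
        String sql = "INSERT INTO events(id, actor, score, created_at) VALUES (?, ?, ?, ?)";
        int inserted = 0;
        try (PreparedStatement ps = conn.prepareStatement(sql)) {   // compiled once
            Timestamp stamp = Timestamp.from(Instant.parse("2024-01-01T00:00:00Z"));
            for (Object[] row : ROWS) {
                // setXxx fills the IN placeholders by 1-based index, with a typed value
                ps.setInt(1, (Integer) row[0]);
                ps.setString(2, (String) row[1]);
                ps.setInt(3, (Integer) row[2]);
                ps.setTimestamp(4, stamp);
                ps.addBatch();                // queue this set of parameter values
            }
            for (int count : ps.executeBatch()) {
                // some drivers report SUCCESS_NO_INFO instead of a per-row count
                inserted += (count == Statement.SUCCESS_NO_INFO) ? 1 : count;
            }
        }
        return inserted;
    }

    // Looks up one row by id; every call reuses the same statement shape with a new bound value.
    static String actorById(Connection conn, int id) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement("SELECT actor FROM events WHERE id = ?")) {
            ps.setInt(1, id);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("actor") : null;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:reuse");
             Statement setup = conn.createStatement()) {
            setup.executeUpdate("CREATE TABLE events(id INT PRIMARY KEY, actor VARCHAR(50), "
                    + "score INT, created_at TIMESTAMP)");
            System.out.println("inserted rows: " + insertAll(conn));
            System.out.println("actor with id 2: " + actorById(conn, 2));
        }
    }
}
```

Batching is what turns the reuse into a measurable win: one prepared statement plus addBatch/executeBatch sends all parameter sets with a minimum of round trips, whereas building a fresh SQL string per row forces the server to parse and plan each one.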
Time taken to insert the test data with Statement:
Time taken to insert the test data with PreparedStatement:
Security: use PreparedStatement. Everyone should know about SQL injection: a SQL statement assembled by string concatenation is exposed to injection. With a precompiled statement, whatever content is passed in as a parameter has no syntactic relationship to the original statement, so security is raised considerably.
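The injection point side by side with its parameterised fix, as an added example that is not code from the original post. It assumes an H2 in-memory database and its JDBC driver; the attacker input is a constructed string.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Same query, two ways of getting user input into it.
// Assumption (not from the original page): H2 in-memory DB and driver on the classpath.
public class InjectionDemo {
    // Constructed attacker input: closes the string literal and appends an always-true clause.
    static final String MALICIOUS = "x' OR '1'='1";

    // VULNERABLE: the input is spliced into the SQL text and becomes part of the statement.
    static int countByNameVulnerable(Connection conn, String name) throws SQLException {
        String sql = "SELECT COUNT(*) FROM users WHERE name = '" + name + "'";
        try (Statement st = conn.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // HARDENED: the SQL text is fixed at prepare time; the input travels only as a bound value.
    static int countByNamePrepared(Connection conn, String name) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement("SELECT COUNT(*) FROM users WHERE name = ?")) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:inj");
             Statement setup = conn.createStatement()) {
            setup.executeUpdate("CREATE TABLE users(id INT PRIMARY KEY, name VARCHAR(50))");
            setup.executeUpdate("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");

            // The OR clause is executed as SQL here, so every row matches.
            System.out.println("vulnerable count: " + countByNameVulnerable(conn, MALICIOUS));
            // Here the whole string is compared as a literal name; no row is called that.
            System.out.println("prepared count:   " + countByNamePrepared(conn, MALICIOUS));
        }
    }
}
```

Parameters can only stand in for values. A table or column name, or an ORDER BY direction, cannot be bound with setString; if such a fragment comes from the user it still has to be validated against an allow-list before it is concatenated into the statement.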
Summary
Although PreparedStatement has many advantages over Statement, Statement is not useless. If the SQL statements you execute are not fixed and follow no regular pattern, PreparedStatement offers no performance advantage, so there is some rationale for Statement; choose the right one for the situation. Keep in mind, though, that the security argument does not depend on repetition: whenever user-controlled input goes into a query, bind it as a parameter.
Java Fundamentals: Statement and PreparedStatement