When do we go for Statement or PreparedStatement?

Question

Possible Duplicate:
Difference between Statement and PreparedStatement

when do we go for Statement or PreparedStatement?

Vladimir Ivanov · Accepted Answer · 2011-04-08T06:55:05.280

4

you can use Statement only in case if you have no user-input parameters in your query. Otherwise, use PreparedStatement as it provides the mechanism to avoid sql-injections. Wiki is good at describing the mechanisms of it.

edited Apr 08 '11 at 06:55

answered Apr 08 '11 at 06:48

Vladimir Ivanov

42,730
18
77
103

can you explain clearly " it provides the mechanism to avoid sql-injections" – developer Apr 08 '11 at 06:49
1

Updated. Also you can look here: https://www.owasp.org/index.php/Preventing_SQL_Injection_in_Java – Vladimir Ivanov Apr 08 '11 at 06:55

score 1 · Answer 2 · answered Apr 08 '11 at 06:48

1

Whenever you want to provide parameters from parameters to your SQL statement (i.e. your SQL is not a fixed string).

answered Apr 08 '11 at 06:48

Joachim Sauer

302,674
57
556
614

score 0 · Answer 3 · answered Apr 08 '11 at 07:08

0

statment and preparedStatement, both used when ever you need to provise paramented or get parametes out of your dataBase using SQL. both method do the same, but preparedStatmnet will help ypu avoid sql-injections.

answered Apr 08 '11 at 07:08

Adi Mor

2,145
5
25
44

score 0 · Answer 4 · answered Apr 08 '11 at 07:32

PreparedStatement

If you need to pass user-provided data (to avoid SQL-injection).
If you run the same fixed statement a lot, for example if you need to run select * from stackoverflow_questions order by created desc limit 10 every few seconds :-) - The reason is: prepared statements are only parsed once, while statements are (at least in most databases) parsed each time.

Statement

For statements that don't occur a lot, such as create table... (DDL statements).

When do we go for Statement or PreparedStatement?

4 Answers4

Related