PreparedStatement In Java
Prepared statement are more powerful than statement or we can say that its special kind of Object with some useful features.
Creating a Prepared Statement-
Before using the prepared statement we must have to create it,as given below,
String sql = "select * from worker where id=?";
PreparedStatemnt ps=connection.prepareStatement(sql);
Value Insertion in Prepared Statement
Wherever you need to insert a parameter into your SQL query at run time, you have to write a question mark (?).
e.g, String sql = "select * from people where id=?";
While PreparedStatement is created (prepared) for the above SQL statement,
We can insert parameters at the location of the question mark. This is done by using the setter method,
ps.setLong(1, 123);
In the above line will dig then come to know that The first number (1) is the index of the parameter to insert the value for. The second number (123) is the value to insert into the SQL statement.
If you have more than one parameter in a sql statement than you have to give the question marks as per parameter count.
Execution of PreparedStatement
Depend upon the requirement you may call executeQuery() or executeUpdate method.
e.g
String sql = "select * from worker where id=? and age=?";
PreparedStatement ps =
connection.prepareStatement(sql);
ps.setString(1, "1001");
ps.setString(2, "56");
ResultSet result = ps.executeQuery();
Characteristics of PreparedStatement,
Prepared statement are more powerful than statement or we can say that its special kind of Object with some useful features.
Creating a Prepared Statement-
Before using the prepared statement we must have to create it,as given below,
String sql = "select * from worker where id=?";
PreparedStatemnt ps=connection.prepareStatement(sql);
Value Insertion in Prepared Statement
Wherever you need to insert a parameter into your SQL query at run time, you have to write a question mark (?).
e.g, String sql = "select * from people where id=?";
While PreparedStatement is created (prepared) for the above SQL statement,
We can insert parameters at the location of the question mark. This is done by using the setter method,
ps.setLong(1, 123);
In the above line will dig then come to know that The first number (1) is the index of the parameter to insert the value for. The second number (123) is the value to insert into the SQL statement.
If you have more than one parameter in a sql statement than you have to give the question marks as per parameter count.
Execution of PreparedStatement
Depend upon the requirement you may call executeQuery() or executeUpdate method.
e.g
String sql = "select * from worker where id=? and age=?";
PreparedStatement ps =
connection.prepareStatement(sql);
ps.setString(1, "1001");
ps.setString(2, "56");
ResultSet result = ps.executeQuery();
Characteristics of PreparedStatement,
- if you want to execute a query in a loop (more than 1 time), prepared statement can be faster.
- Efficient for repeated executions
- It is precompiled so it's faster.(Precompilation and DB-side caching of the SQL statement leads to overall faster execution and the ability to reuse the same SQL statement in batches)
- sql injection is ignored by prepared statement so security is increase in prepared statement
- Easy to insert parameters into the SQL statement.
- Easy to reuse the PreparedStatement with new parameters.
- May increase performance of executed statements.
- Enables easier batch updates.
- inherits all methods from Statement. It inherits the addBatch method, and additionally allows a set of parameter values to be added to match the set of batched SQL commands via addBatch method.
- Prepared statements are normally executed through a non-SQL binary protocol. This means that there is less data in the packets, so communications to the server is faster. As a rule of thumb network operations are an order of magnitude faster than disk operations which are an order of magnitude faster than in-memory CPU operations. Hence, any reduction in amount of data sent over the network will have a good effect on overall performance.
No comments:
Post a Comment