Re: Difference between Statement and preparedStatement (for SQL databases) ?
From: David Harper (devnull_at_obliquity.u-net.com)
Date: 10/18/04
- Previous message: Luke Webber: "Re: Difference between Statement and preparedStatement (for SQL databases) ?"
- In reply to: Ken Philips: "Difference between Statement and preparedStatement (for SQL databases) ?"
- Next in thread: steph: "Re: Difference between Statement and preparedStatement (for SQL databases) ?"
Date: Mon, 18 Oct 2004 05:34:15 GMT
There's one advantage of prepared statements that hasn't been mentioned
yet. They handle quotes more cleanly.

Consider an update such as

    update mytable set blurb = "some string" where id = 1234

Suppose that, instead of "some string", you wanted to insert this text:

    He said "You can't do that, O'Brian!"

A prepared statement makes this very simple:

    PreparedStatement pstmt = conn.prepareStatement(
        "update mytable set blurb = ? where id = ?");
    // parameter 1 is blurb, parameter 2 is id
    pstmt.setString(1, "He said \"You can't do that, O'Brian!\"");
    pstmt.setInt(2, 1234);
    int rows = pstmt.executeUpdate();

With a plain statement, the string itself is a quoted string inside the
query string:

    String query = "update mytable set blurb = \"He said \"You can't do that, O'Brian!\"\" where id = 1234";

You can see that this is almost certainly wrong, and the correct syntax
will be database-dependent.

David Harper
Cambridge, England
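
Added example, not part of the original message: the two approaches above run side by side against a real connection, reading each value back to confirm it was stored unchanged. The class name, the table definition, the two constructed sample values and the default H2 in-memory URL are assumptions; any JDBC driver on the classpath can be used by passing its URL as the first argument.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class QuoteHandlingDemo {
    // First value is the text from the message; the other two are constructed samples.
    static final String[] SAMPLES = {
        "He said \"You can't do that, O'Brian!\"",
        "path C:\\temp\\new with backslashes",
        "100% 'quoted' and \"double-quoted\""
    };

    public static void main(String[] args) throws SQLException {
        // Assumption: a JDBC driver is on the classpath; the default is H2's in-memory URL.
        String url = args.length > 0 ? args[0] : "jdbc:h2:mem:demo";
        try (Connection conn = DriverManager.getConnection(url)) {
            try (Statement st = conn.createStatement()) {
                st.executeUpdate("create table mytable (id int primary key, blurb varchar(200))");
                st.executeUpdate("insert into mytable (id, blurb) values (1234, 'initial')");
            }
            // Plain statement: the value is spliced into the SQL text, so its quotes are parsed as SQL.
            String query = "update mytable set blurb = \"" + SAMPLES[0] + "\" where id = 1234";
            try (Statement st = conn.createStatement()) {
                st.executeUpdate(query);
                System.out.println("concatenated query was accepted by this driver");
            } catch (SQLException e) {
                System.out.println("concatenated query rejected: " + e.getMessage());
            }
            // Prepared statement: the SQL text is fixed and each value travels as a bound parameter.
            try (PreparedStatement upd = conn.prepareStatement("update mytable set blurb = ? where id = ?");
                 PreparedStatement sel = conn.prepareStatement("select blurb from mytable where id = ?")) {
                for (String s : SAMPLES) {
                    upd.setString(1, s);
                    upd.setInt(2, 1234);
                    int rows = upd.executeUpdate();
                    sel.setInt(1, 1234);
                    try (ResultSet rs = sel.executeQuery()) {
                        boolean same = rs.next() && s.equals(rs.getString(1));
                        System.out.println(rows + " row updated, stored unchanged: " + same);
                    }
                }
            }
        }
    }
}
```

Because the bound values never become part of the SQL text, the same fixed statement also keeps user-supplied input from being parsed as SQL.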