Named Parameters for PreparedStatement | InfoWorld
PreparedStatement 语法问题
PreparedStatement 的问题源于其参数语法。参数是匿名的,并通过索引访问,如下所示:
PreparedStatement p = con.prepareStatement("select * from people where
(first_name = ? or last_name = ?) and address = ?");
p.setString(1, name);
p.setString(2, name);
p.setString(3, address);对于带有一两个参数的小型查询,这不是问题。但是,对于较大的查询,跟踪索引变得非常困难。开发人员必须仔细阅读 SQL 语句并计算问号以确定参数插入的位置。如果删除或插入参数,则必须重新编号所有后续参数索引。很明显,如果参数接近语句的开头并且有多个参数,或者如果查询被重组以使参数以不同的顺序出现,这可能会出现问题。
另一个不便之处是设置多个在逻辑上可能相同的参数。这可能发生在诸如select * from people where first_name=? or last_name=?. (这个特定的查询可以重写为select * from people where ? in (first_name, last_name),但有些查询不那么容易转换。)
解决方法
避免重新编号索引的一种解决方法是使用计数器来跟踪索引:
PreparedStatement p = con.prepareStatement("select * from people where
(first_name = ? or last_name = ?) and address = ?");
int i = 1;
p.setString(i++, name);
p.setString(i++, name);
p.setString(i++, address);这对于插入和删除参数时的稳定性特别有效。但是,代码仍然不再具有可读性,程序员仍然必须注意确保参数的列出顺序与它们在查询中使用的顺序相同。
命名参数语句
这将我们带到了我的班级(因为没有更好的名字)NamedParameterStatement。语法与 PreparedStatement 相同,只是参数表示为冒号后跟标识符,而不是问号。
String query = "select * from people where (first_name = :name or last_name
= :name) and address = :address");
NamedParameterStatement p = new NamedParameterStatement(con, query);
p.setString("name", name);
p.setString("address", address);在幕后,该类通过用问号替换参数标记并创建 PreparedStatement 来工作。在参数名称和它们的索引之间保留一个映射。注入参数时会引用此映射。这两个类是相互兼容的,因此程序员可以在他们认为合适的情况下将 PreparedStatement 用于某些查询,并将 NamedParameterStatement 用于其他查询。
表现
与执行查询所需的时间相比,翻译查询和查找参数索引所花费的时间实际上是最少的。如果需要考虑翻译时间,则可以将类修改为具有attach(Connection)和detach()方法。NamedParameterStatement 可以预先创建、附加到连接、使用和分离。但是,缓存(和同步,如有必要)这些对象所花费的时间可能会超过创建新对象所需的时间。
在我的计算机上针对一张小表对上述查询进行的测试给出了 NamedParameterStatement 的 352 微秒、AttachableNamedParameterStatement(无同步)的 325 微秒和原始 PreparedStatement 的 332 微秒的时间。翻译一个查询大约需要 6 微秒。不可思议的是,AttachableNamedParameterStatement 始终比原始 PreparedStatement 稍有优势。由于垃圾收集、即时编译等原因,对 Java 代码进行基准测试是出了名的困难,因此对这些结果应该持保留态度。
一般来说,性能不是问题,尤其是当实际查询正在做任何重要的事情时。
结论
NamedParameterStatement 作为 PreparedStatement 的直接替代品是有效的,无需配置。新类提供的更简单的界面可以提高程序员的工作效率。也许更重要的是,维护更容易,因为代码更具可读性。
代码
//STEP 1. Import required packages
import java.sql.*;
public class JDBCNamedParameterStatement {
// JDBC driver name and database URL
static final String DB_DRIVER_CLASS_NAME = "com.mysql.cj.jdbc.Driver";
static final String DB_URL = "jdbc:mysql://localhost:3306/emp?autoReconnect=true&useSSL=false&useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai";
// Database credentials
static final String DB_USERNAME = "root";
static final String DB_PASSWORD = "root";
public static void main(String[] args) {
Connection conn = null;
try {
//STEP 2: Register JDBC driver
Class.forName(DB_DRIVER_CLASS_NAME);
//STEP 3: Open a connection
System.out.println("Connecting to database...");
conn = DriverManager.getConnection(DB_URL, DB_USERNAME, DB_PASSWORD);
//STEP 4: Execute a query
System.out.println("Creating statement...");
String query = "SELECT id, first, last, age FROM Employees where id=:id";
NamedParameterStatement p = new NamedParameterStatement(conn, query);
p.setInt("id", 100);
ResultSet rs = p.executeQuery();
//STEP 5: Extract data from result set
while (rs.next()) {
//Retrieve by column name
int id = rs.getInt("id");
int age = rs.getInt("age");
String first = rs.getString("first");
String last = rs.getString("last");
//Display values
System.out.print("ID: " + id);
System.out.print(", Age: " + age);
System.out.print(", First: " + first);
System.out.println(", Last: " + last);
}
//STEP 6: Clean-up environment
rs.close();
p.close();
conn.close();
} catch (SQLException se) {
//Handle errors for JDBC
se.printStackTrace();
} catch (Exception e) {
//Handle errors for Class.forName
e.printStackTrace();
} finally {
//finally block used to close resources
try {
if (conn != null) {
conn.close();
}
} catch (SQLException se) {
se.printStackTrace();
}//end finally try
}//end try
System.out.println("Goodbye!");
}//end main
}//end JDBCExample
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.Timestamp;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
/**
* This class wraps around a {@link PreparedStatement} and allows the programmer
* to set parameters by name instead of by index. This eliminates any confusion
* as to which parameter index represents what. This also means that rearranging
* the SQL statement or adding a parameter doesn't involve renumbering your
* indices. Code such as this:
*
*
* Connection con=getConnection(); String query="select * from my_table where
* name=? or address=?"; PreparedStatement p=con.prepareStatement(query);
* p.setString(1, "bob"); p.setString(2, "123 terrace ct"); ResultSet
* rs=p.executeQuery();
*
* can be replaced with:
*
* Connection con=getConnection(); String query="select * from my_table where
* name=:name or address=:address"; NamedParameterStatement p=new
* NamedParameterStatement(con, query); p.setString("name", "bob");
* p.setString("address", "123 terrace ct"); ResultSet rs=p.executeQuery();
*
* Sourced from JavaWorld Article @
* http://www.javaworld.com/javaworld/jw-04-2007/jw-04-jdbc.html
*
* @author adam_crume
*/
public class NamedParameterStatement {
/**
* The statement this object is wrapping.
*/
private final PreparedStatement statement;
/**
* Maps parameter names to arrays of ints which are the parameter indices.
*/
private Map<String, int[]> indexMap;
/**
* Creates a NamedParameterStatement. Wraps a call to c.{@link Connection#prepareStatement(java.lang.String)
* prepareStatement}.
*
* @param connection the database connection
* @param query the parameterized query
* @throws SQLException if the statement could not be created
*/
public NamedParameterStatement(Connection connection, String query) throws SQLException {
String parsedQuery = parse(query);
statement = connection.prepareStatement(parsedQuery);
}
/**
* Parses a query with named parameters. The parameter-index mappings are
* put into the map, and the parsed query is returned. DO NOT CALL FROM
* CLIENT CODE. This method is non-private so JUnit code can test it.
*
* @param query query to parse
* @param paramMap map to hold parameter-index mappings
* @return the parsed query
*/
final String parse(String query) {
// I was originally using regular expressions, but they didn't work well for ignoring
// parameter-like strings inside quotes.
int length = query.length();
StringBuffer parsedQuery = new StringBuffer(length);
boolean inSingleQuote = false;
boolean inDoubleQuote = false;
int index = 1;
HashMap<String, List<Integer>> indexes = new HashMap<String, List<Integer>>(10);
for (int i = 0; i < length; i++) {
char c = query.charAt(i);
if (inSingleQuote) {
if (c == '\'') {
inSingleQuote = false;
}
} else if (inDoubleQuote) {
if (c == '"') {
inDoubleQuote = false;
}
} else {
if (c == '\'') {
inSingleQuote = true;
} else if (c == '"') {
inDoubleQuote = true;
} else if (c == ':' && i + 1 < length && Character.isJavaIdentifierStart(query.charAt(i + 1))) {
int j = i + 2;
while (j < length && Character.isJavaIdentifierPart(query.charAt(j))) {
j++;
}
String name = query.substring(i + 1, j);
c = '?'; // replace the parameter with a question mark
i += name.length(); // skip past the end if the parameter
List<Integer> indexList = indexes.get(name);
if (indexList == null) {
indexList = new LinkedList<Integer>();
indexes.put(name, indexList);
}
indexList.add(Integer.valueOf(index));
index++;
}
}
parsedQuery.append(c);
}
indexMap = new HashMap<String, int[]>(indexes.size());
// replace the lists of Integer objects with arrays of ints
for (Map.Entry<String, List<Integer>> entry : indexes.entrySet()) {
List<Integer> list = entry.getValue();
int[] intIndexes = new int[list.size()];
int i = 0;
for (Integer x : list) {
intIndexes[i++] = x.intValue();
}
indexMap.put(entry.getKey(), intIndexes);
}
return parsedQuery.toString();
}
/**
* Returns the indexes for a parameter.
*
* @param name parameter name
* @return parameter indexes
* @throws IllegalArgumentException if the parameter does not exist
*/
private int[] getIndexes(String name) {
int[] indexes = indexMap.get(name);
if (indexes == null) {
throw new IllegalArgumentException("Parameter not found: " + name);
}
return indexes;
}
/**
* Sets a parameter.
*
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setObject(int, java.lang.Object)
*/
public void setObject(String name, Object value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setObject(indexes[i], value);
}
}
/**
* Sets a parameter.
*
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setString(int, java.lang.String)
*/
public void setString(String name, String value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setString(indexes[i], value);
}
}
/**
* Sets a parameter.
*
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setInt(int, int)
*/
public void setInt(String name, int value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setInt(indexes[i], value);
}
}
/**
* Sets a parameter.
*
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setInt(int, int)
*/
public void setLong(String name, long value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setLong(indexes[i], value);
}
}
/**
* Sets a parameter.
*
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setTimestamp(int, java.sql.Timestamp)
*/
public void setTimestamp(String name, Timestamp value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setTimestamp(indexes[i], value);
}
}
/**
* Returns the underlying statement.
*
* @return the statement
*/
public PreparedStatement getStatement() {
return statement;
}
/**
* Executes the statement.
*
* @return true if the first result is a {@link ResultSet}
* @throws SQLException if an error occurred
* @see PreparedStatement#execute()
*/
public boolean execute() throws SQLException {
return statement.execute();
}
/**
* Executes the statement, which must be a query.
*
* @return the query results
* @throws SQLException if an error occurred
* @see PreparedStatement#executeQuery()
*/
public ResultSet executeQuery() throws SQLException {
return statement.executeQuery();
}
/**
* Executes the statement, which must be an SQL INSERT, UPDATE or DELETE
* statement; or an SQL statement that returns nothing, such as a DDL
* statement.
*
* @return number of rows affected
* @throws SQLException if an error occurred
* @see PreparedStatement#executeUpdate()
*/
public int executeUpdate() throws SQLException {
return statement.executeUpdate();
}
/**
* Closes the statement.
*
* @throws SQLException if an error occurred
* @see Statement#close()
*/
public void close() throws SQLException {
statement.close();
}
/**
* Adds the current set of parameters as a batch entry.
*
* @throws SQLException if something went wrong
*/
public void addBatch() throws SQLException {
statement.addBatch();
}
/**
* Executes all of the batched statements.
*
* See {@link Statement#executeBatch()} for details.
*
* @return update counts for each statement
* @throws SQLException if something went wrong
*/
public int[] executeBatch() throws SQLException {
return statement.executeBatch();
}
}
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.Timestamp;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
public class NamedParameterStatement implements AutoCloseable {
public static final int[] EMPTY = {};
/**
* The statement this object is wrapping.
*/
public final PreparedStatement statement;
/**
* Maps parameter names to arrays of ints which are the parameter indices.
*/
private final Map indexMap;
/**
* Creates a NamedParameterStatement. Wraps a call to c.{@link Connection#prepareStatement(java.lang.String)
* prepareStatement}.
*
* @param connection the database connection
* @param query the parameterized query
* @throws SQLException if the statement could not be created
*/
public NamedParameterStatement(Connection connection, String query) throws SQLException {
indexMap = new HashMap();
String parsedQuery = parse(query, indexMap);
statement = connection.prepareStatement(parsedQuery);
}
/**
* Parses a query with named parameters. The parameter-index mappings are
* put into the map, and the parsed query is returned. DO NOT CALL FROM
* CLIENT CODE. This method is non-private so JUnit code can test it.
*
* @param query query to parse
* @param paramMap map to hold parameter-index mappings
* @return the parsed query
*/
static String parse(String query, Map paramMap) {
// I was originally using regular expressions, but they didn't work well for ignoring
// parameter-like strings inside quotes.
int length = query.length();
final StringBuilder parsedQuery = new StringBuilder(length);
boolean inSingleQuote = false;
boolean inDoubleQuote = false;
int index = 1;
for (int i = 0; i < length; i++) {
char c = query.charAt(i);
if (inSingleQuote) {
if (c == '\'') {
inSingleQuote = false;
}
} else if (inDoubleQuote) {
if (c == '"') {
inDoubleQuote = false;
}
} else {
if (c == '\'') {
inSingleQuote = true;
} else if (c == '"') {
inDoubleQuote = true;
} else if (c == ':' && i + 1 < length
&& Character.isJavaIdentifierStart(query.charAt(i + 1))) {
int j = i + 2;
while (j < length && Character.isJavaIdentifierPart(query.charAt(j))) {
j++;
}
String name = query.substring(i + 1, j);
c = '?'; // replace the parameter with a question mark
i += name.length(); // skip past the end if the parameter
List indexList = (List) paramMap.get(name);
if (indexList == null) {
indexList = new LinkedList();
paramMap.put(name, indexList);
}
indexList.add(new Integer(index));
index++;
}
}
parsedQuery.append(c);
}
// replace the lists of Integer objects with arrays of ints
for (Iterator itr = paramMap.entrySet().iterator(); itr.hasNext();) {
Map.Entry entry = (Map.Entry) itr.next();
List list = (List) entry.getValue();
int[] indexes = new int[list.size()];
int i = 0;
for (Object aList : list) {
Integer x = (Integer) aList;
indexes[i++] = x.intValue();
}
list.clear();
entry.setValue(indexes);
}
return parsedQuery.toString();
}
/**
* Returns the indexes for a parameter.
*
* @param name parameter name
* @return parameter indexes
* @throws IllegalArgumentException if the parameter does not exist
*/
private int[] getIndexes(String name) {
int[] indexes = (int[]) indexMap.get(name);
if (indexes == null) {
// throw new IllegalArgumentException("Parameter not found: " + name);
return EMPTY;
}
return indexes;
}
/**
* Sets a parameter.
*
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setObject(int, java.lang.Object)
*/
public void setObject(String name, Object value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setObject(indexes[i], value);
}
}
public void setProperties(Map<String, Object> params) throws SQLException {
for (Map.Entry<String, Object> entry : params.entrySet()) {
int[] indexes = getIndexes(entry.getKey());
final Object value = entry.getValue();
Timestamp valueTS = null;
if (value != null && value.getClass() == Date.class) {
valueTS = new Timestamp(((Date) value).getTime());
}
for (int i : indexes) {
if (valueTS != null) {
statement.setTimestamp(i, valueTS);
} else {
statement.setObject(i, value);
}
}
}
}
/**
* Sets a parameter.
*
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setString(int, java.lang.String)
*/
public void setString(String name, String value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setString(indexes[i], value);
}
}
/**
* Sets a parameter.
*
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setInt(int, int)
*/
public void setInt(String name, int value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setInt(indexes[i], value);
}
}
/**
* Sets a parameter.
*
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setInt(int, int)
*/
public void setLong(String name, long value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setLong(indexes[i], value);
}
}
public void setDouble(String name, double value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setDouble(indexes[i], value);
}
}
/**
* Sets a parameter.
*
* @param name parameter name
* @param value parameter value
* @throws SQLException if an error occurred
* @throws IllegalArgumentException if the parameter does not exist
* @see PreparedStatement#setTimestamp(int, java.sql.Timestamp)
*/
public void setTimestamp(String name, Timestamp value) throws SQLException {
int[] indexes = getIndexes(name);
for (int i = 0; i < indexes.length; i++) {
statement.setTimestamp(indexes[i], value);
}
}
/**
* Returns the underlying statement.
*
* @return the statement
*/
public PreparedStatement getStatement() {
return statement;
}
/**
* Executes the statement.
*
* @return true if the first result is a {@link ResultSet}
* @throws SQLException if an error occurred
* @see PreparedStatement#execute()
*/
public boolean execute() throws SQLException {
return statement.execute();
}
/**
* Executes the statement, which must be a query.
*
* @return the query results
* @throws SQLException if an error occurred
* @see PreparedStatement#executeQuery()
*/
public ResultSet executeQuery() throws SQLException {
return statement.executeQuery();
}
/**
* Executes the statement, which must be an SQL INSERT, UPDATE or DELETE
* statement; or an SQL statement that returns nothing, such as a DDL
* statement.
*
* @return number of rows affected
* @throws SQLException if an error occurred
* @see PreparedStatement#executeUpdate()
*/
public int executeUpdate() throws SQLException {
return statement.executeUpdate();
}
/**
* Closes the statement.
*
* @throws SQLException if an error occurred
* @see Statement#close()
*/
public void close() throws SQLException {
statement.close();
indexMap.clear();
}
/**
* Adds the current set of parameters as a batch entry.
*
* @throws SQLException if something went wrong
*/
public void addBatch() throws SQLException {
statement.addBatch();
}
/**
* Executes all of the batched statements.
* <p>
* See {@link Statement#executeBatch()} for details.
*
* @return update counts for each statement
* @throws SQLException if something went wrong
*/
public int[] executeBatch() throws SQLException {
return statement.executeBatch();
}
public void setFetchSize(int rows) throws SQLException {
statement.setFetchSize(rows);
statement.setFetchDirection(ResultSet.FETCH_FORWARD);
}
}