The difference between JDBC prepareStatement and Statement


Let's first look at the difference between JDBC PreparedStatement and Statement.

The comparison in the figure above can be summarized in two points:

1. PreparedStatement is safer and solves the SQL injection problem: parameter values are bound separately from the SQL text, so user input is never parsed as part of the SQL.

2. It is more efficient, especially when the same SQL is executed many times, because the statement is precompiled once and then reused with different parameters.

Compared with Statement, a PreparedStatement is a "semi-finished product": the SQL text is fixed up front, with placeholders left for the values that change.

PreparedStatement is a sub-interface of Statement, and using it takes three steps:

1. Create: obtain a PreparedStatement object from the Connection

    String sql = "select * from users_luxw where username = ? and password = ?";

    PreparedStatement pstm = conn.prepareStatement(sql);

When creating the statement, replace each part of the SQL whose value changes with a placeholder (?).

2. Assign values to the ? placeholders (also called parameter binding)

   Use a set[Type] method to assign a value to each ?, where Type is the data type of that placeholder. The first argument is the position of the question mark, counted from 1; the second is the actual value, for example:

     pstm.setString(1, username);

     pstm.setString(2, password);

3. Execute SQL

    pstm.executeQuery();  // for a query

    pstm.executeUpdate(); // for insert, update and delete

At this point JDBC sends all the bound parameters to the database server, which looks up the precompiled SQL created in the first step in its pool and executes it.
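To make the safety point concrete, here is an added example (not code from the original post) that uses Python's built-in sqlite3 module, whose ? placeholders work the same way as JDBC's: a login query built by string concatenation (Statement style) beside the same query with bound parameters (PreparedStatement style). The table name users_luxw comes from the page; the user rows are constructed sample data.

```python
import sqlite3

# Constructed sample data (not from the original page).
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory database with the users_luxw table from the page."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users_luxw (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users_luxw VALUES (?, ?)", USERS)
    return conn


def login_statement_style(conn, username, password):
    """Statement style: the values are spliced into the SQL text, so a value
    containing a quote can change the structure of the query."""
    sql = ("SELECT username FROM users_luxw WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_prepared_style(conn, username, password):
    """PreparedStatement style: the SQL text is fixed with ? placeholders and
    the values are bound separately, so they are only ever treated as data."""
    sql = "SELECT username FROM users_luxw WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # a value that is only harmful when concatenated
    print("concatenated:", login_statement_style(db, "bob", crafted))
    print("bound:       ", login_prepared_style(db, "bob", crafted))
```

With a correct password both functions return the one matching user; with the crafted value the concatenated query matches every row while the bound query matches none.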

 

The code is shown below:

package jdbc;

import java.sql.Connection;
import java.sql.Date;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class demoprearedStatementf {
    public static void main(String[] args) {
        // Load the driver and obtain a connection
        Connection conn = null;
        PreparedStatement psm = null;
        ResultSet rs = null;

        try {
            Class.forName("com.mysql.jdbc.Driver");
            // Obtain the connection
            String url = "jdbc:mysql://localhost:3306/mybase";
            String user = "root";
            String password = "root123";

            conn = DriverManager.getConnection(url, user, password);
            // 3. Create a PreparedStatement object; the SQL is precompiled
            // Query
            String sql = "select * from test where deptno = ?";
            psm = conn.prepareStatement(sql);
            psm.setInt(1, 10); // deptno is an integer column, so bind it with setInt
            // Delete
//            String sql = "delete from test where ename=? ";
//            psm = conn.prepareStatement(sql);
//            psm.setString(1,"小弟");

            // Update
//            String sql = "update  test set job = ? where ename = ?";
//            psm = conn.prepareStatement(sql);
//            psm.setString(1, "manner");
//            psm.setString(2, "白展堂");

//            // Insert
//            String sql = "insert into test(ename,job,deptno) values(?,?,?)";
//            psm = conn.prepareStatement(sql);
//            psm.setString(1, "大白");
//            psm.setString(2, "leader");
//            psm.setInt(3, 20);
            // 4. Execute the SQL statement
//            int line = psm.executeUpdate(); // insert, delete and update all use executeUpdate
//            System.out.println("影响行数:  " + line);
            rs = psm.executeQuery();
            while (rs.next()) {
                int empno = rs.getInt(1);
                String ename = rs.getString(2);
                String job = rs.getString(3);
                int mgr = rs.getInt(4);
                Date hiredate = rs.getDate(5);
                int sal = rs.getInt(6);
                int comm = rs.getInt(7);
                int deptno = rs.getInt(8);
                System.out.println(empno + " " + ename + " " + job + " " + mgr + " "
                        + hiredate + " " + sal + " " + comm + " " + deptno);
            }

        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Close in reverse order; each may still be null if an earlier step failed
            try {
                if (rs != null) rs.close();
                if (psm != null) psm.close();
                if (conn != null) conn.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
}


Origin blog.csdn.net/weixin_44146025/article/details/107669905