Is it possible with PostgreSQL JDBC to force usage of client only Prepared Statements?

galusben :

I would like to eliminate Server Side Prepared Statements on PGSQL without changing my code. Is this something possible on JDBC with some parameter?

To be clear, I would like to use Client Prepared Statements, meaning my code will not change, and I will enjoy the security benefits of Prepared Statements, but not compile it on the server.

Laurenz Albe :

The documentation says:

There might be cases when you would want to disable use of server-prepared statements. For instance, if you route connections through a balancer that is incompatible with server-prepared statements, you have little choice.

You can disable usage of server side prepared statements by setting prepareThreshold=0

A code sample:

java.sql.PreparedStatement pstmt = conn.prepareStatement("SELECT ...");
// get the PostgreSQL-specific class
org.postgresql.PGStatement pgstmt = pstmt.unwrap(org.postgresql.PGStatement.class);
// disable server-side prepared statements
pgstmt.setPrepareThreshold(0);

If you unwrap the org.postgresql.PGConnection in your java.sql.Connection, you can also set the threshold on the connection level for all prepared statements on that connection.

Example for adding it to the URL: jdbc:postgresql://localhost/test?user=fred&password=secret&ssl=true&prepareThreshold=0
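Added example, not part of the original answer or the pgJDBC project's code: it sets the threshold for a whole connection and then checks, from the same session, that repeated executions never created a named server-side statement. The class name and the PG_URL, PG_USER and PG_PASSWORD environment variables are assumptions; it needs a reachable PostgreSQL server and the pgJDBC driver on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;

import org.postgresql.PGConnection;
import org.postgresql.PGStatement;

public class ClientOnlyPrepare {
    public static void main(String[] args) throws SQLException {
        // Assumed: connection details come from the environment (placeholders).
        String url = System.getenv("PG_URL"); // e.g. jdbc:postgresql://localhost/test
        Properties props = new Properties();
        props.setProperty("user", System.getenv("PG_USER"));
        props.setProperty("password", System.getenv("PG_PASSWORD"));
        // Same setting as ?prepareThreshold=0 in the URL.
        props.setProperty("prepareThreshold", "0");

        try (Connection conn = DriverManager.getConnection(url, props)) {
            // Runtime alternative: set it on the unwrapped connection, which
            // applies to every statement created from it afterwards.
            conn.unwrap(PGConnection.class).setPrepareThreshold(0);

            try (PreparedStatement ps = conn.prepareStatement("SELECT ?::text")) {
                PGStatement pgps = ps.unwrap(PGStatement.class);
                // Run well past the driver's default threshold of 5.
                for (int i = 0; i < 10; i++) {
                    ps.setString(1, "O'Reilly"); // value is bound, not concatenated
                    try (ResultSet rs = ps.executeQuery()) { rs.next(); }
                    if (pgps.isUseServerPrepare()) {
                        throw new IllegalStateException("server-prepared on run " + i);
                    }
                }
            }
            // pg_prepared_statements lists this session's named statements.
            try (Statement st = conn.createStatement();
                 ResultSet rs = st.executeQuery(
                         "SELECT count(*) FROM pg_prepared_statements")) {
                rs.next();
                System.out.println("named server statements: " + rs.getInt(1));
            }
        }
    }
}
```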
