The difference between Statement and PreparedStatement
PreparedStatement precompiles SQL statements with good performance.
PreparedStatement splices SQL statements out of order, making programming easier.
PreparedStatement can prevent SQL injection and has good security.
Statement is created by the method createStatement(), which is used to send simple static SQL statements.
PreparedStatement is created by the method preparedStatement(), which is used to send an
SQL statement with one or more input parameters. This method inherits all the methods of Statement. and expanded.
The SQL statement uses "?" as the data placeholder, and uses the setXxx() method to set the data.
The first parameter of the setXxx() method is to set the ordinal position of the parameter, and the second parameter is to set the value of the parameter.
//Statement的用法
int id=111;
String sql="selsect * from user where id="+id;
Statement st=connection.CreateStatement();
ResultSet rs=st.executeQuery(sql);
//Usage of
PreparedStatement //PreparedStatement can replace variables (can be included in SQL statements?)
String sql="select * from user where id=?";
PreparedStatement ps=connection.preparedStatement(sql);//sql is done here Precompiled
int id =111;
ps.setInt(1,id);//Pass in parameter
ResultSet for sql rs=ps.executeQuery();//sql is not needed here because it has been precompiled above
PreparedStatement precompiles SQL statements with good performance.
PreparedStatement splices SQL statements out of order, making programming easier.
PreparedStatement can prevent SQL injection and has good security.
Statement is created by the method createStatement(), which is used to send simple static SQL statements.
PreparedStatement is created by the method preparedStatement(), which is used to send an
SQL statement with one or more input parameters. This method inherits all the methods of Statement. and expanded.
The SQL statement uses "?" as the data placeholder, and uses the setXxx() method to set the data.
The first parameter of the setXxx() method is to set the ordinal position of the parameter, and the second parameter is to set the value of the parameter.
//Statement的用法
int id=111;
String sql="selsect * from user where id="+id;
Statement st=connection.CreateStatement();
ResultSet rs=st.executeQuery(sql);
//Usage of
PreparedStatement //PreparedStatement can replace variables (can be included in SQL statements?)
String sql="select * from user where id=?";
PreparedStatement ps=connection.preparedStatement(sql);//sql is done here Precompiled
int id =111;
ps.setInt(1,id);//Pass in parameter
ResultSet for sql rs=ps.executeQuery();//sql is not needed here because it has been precompiled above
String updateString = "UPDATE COFFEES SET SALES = 75 " + "WHERE COF_NAME LIKE 'Colombian'";
stmt.executeUpdate(updateString);
Code Fragment 2:
PreparedStatement updateSales = con.prepareStatement("UPDATE COFFEES SET SALES = ? WHERE COF_NAME LIKE ? ");
updateSales.setInt(1, 75);
updateSales.setString(2, "Colombian");
updateSales.executeUpdate();
The difference between fragment 2 and fragment 1 is that the latter uses a PreparedStatement object, while the former is an ordinary Statement object. The PreparedStatement object not only contains the SQL statement, but in most cases the statement has been precompiled, so when it is executed, only the DBMS needs to run the SQL statement without compiling it first. When you need to execute the Statement object multiple times, the PreparedStatement object will greatly reduce the running time and of course speed up the access to the database.
This conversion also brings you great convenience. You don't have to repeat the syntax of the SQL statement, but only need to change the value of the variable to re-execute the SQL statement. Whether the PreparedStatement object is selected or not depends on whether the SQL statement with the same syntax is executed multiple times, and the difference between the two times is only the difference in variables. If it is only executed once, it should be no different from ordinary objects, and it does not reflect the advantages of its pre-compilation.