Hi all, does anybody have a link to some document comparing where and when to use prepared statements? Can anyone say what are the main points where prepared statements are better? I've got an app where I haven't used any prepared statments at all and I think I need to implement a better framework for my database access. Currently every database op has the SQL statement in two strings, one for Oracle and one for mySQL and the appropriate string is chosen depending on the config. I don't really like this because I always did apps where I can use stored procedures and I don't need any SQL in my Java code. If it turns into a big app, and we get a seperate database administrator, then he'll have to start diving into the java source files whenever he changes the database. Are there any other frameworks I can use?
I have seen things you people would not believe, attack ships on fire off the shoulder of Orion, c-beams sparkling in the dark near the Tennhauser Gate. All these moments will be lost in time, like tears in the rain.
I know prepared statements are precompiled statements, hence it's already parsed. It also makes it easy to execute the same statement while only changing the parameters to the statement. It also tekes care of formatting, special characters, etc. You can check out the JDBC tutorial at Sun's site for more details.
Bosun (SCJP, SCWCD)
So much trouble in the world -- Bob Marley
I also think you need to use prepared statement when you are calling a stored procedure. But in Oracle I know I can run a query like select stored_procedure(arguments) from dual and run them in the statement.execute. Just some 2 cents, for whatever it's worth Mark
Thanks for the tips, folks (especially the O'Reillys link). So what about the other issue, about where to write the actual SQL? Does everybody here do it in the business objects / layer, or has anybody ever implemented a seperate data layer which does the call to the database and returns marshalled data?