
Prepared Statement - createStatement diff

 
Krishna Mohan V
Greenhorn
Posts: 20
Hi,

Please answer my query.

Statement stmt = con.createStatement();
String query = "select * from table1 where col1="+str1;
stmt.executeQuery(query);

I read that when I issue an executeQuery() or executeUpdate() method, the stmt object sends the query to the DBMS. I want to know where this will be compiled.
I got this doubt when I was reading the following line on Sun's site.

"The main feature of a PreparedStatement object is that, unlike a Statement object, it is given an SQL statement when it is created. The advantage to this is that in most cases, this SQL statement will be sent to the DBMS right away, where it will be compiled. As a result, the PreparedStatement object contains not just an SQL statement, but an SQL statement that has been precompiled"

Can you tell me the exact difference between stmt and prepared statement objects?

Regards
Krishna
 
Adeel Ansari
Ranch Hand
Posts: 2874
This is the exact difference, buddy.

PreparedStatement is precompiled.
Statement is not.

Moreover,
SQL injection doesn't work with PreparedStatement.
It could work with Statement, until you yourself take care of it.
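
The difference discussed in this thread, as an added example (not code from either poster): the question's query built by concatenation with Statement, next to the same query using a PreparedStatement placeholder. It assumes col1 is a text column (so the concatenated literal is quoted), uses an H2 in-memory database as the default JDBC URL, and runs against constructed sample rows and inputs.

```java
import java.sql.*;

public class StatementVsPrepared {
    // Statement: str1 is pasted into the SQL text, so the DBMS parses it as part of the query.
    static int countWithStatement(Connection con, String str1) throws SQLException {
        String query = "select * from table1 where col1='" + str1 + "'";
        try (Statement stmt = con.createStatement();
             ResultSet rs = stmt.executeQuery(query)) {
            return count(rs);
        }
    }

    // PreparedStatement: the SQL is fixed when the object is created; str1 is bound as a value.
    static int countWithPrepared(Connection con, String str1) throws SQLException {
        String query = "select * from table1 where col1=?";
        try (PreparedStatement ps = con.prepareStatement(query)) {
            ps.setString(1, str1);
            try (ResultSet rs = ps.executeQuery()) {
                return count(rs);
            }
        }
    }

    static int count(ResultSet rs) throws SQLException {
        int n = 0;
        while (rs.next()) n++;
        return n;
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 driver on the classpath; pass another JDBC URL as args[0] if preferred.
        String url = args.length > 0 ? args[0] : "jdbc:h2:mem:demo";
        try (Connection con = DriverManager.getConnection(url)) {
            try (Statement ddl = con.createStatement()) {
                // Constructed sample data.
                ddl.executeUpdate("create table table1 (col1 varchar(20), col2 varchar(20))");
                ddl.executeUpdate("insert into table1 values ('1','alice'),('2','bob'),('3','carol')");
            }
            // Constructed inputs: an ordinary value and one containing SQL syntax.
            for (String str1 : new String[] {"1", "x' or '1'='1"}) {
                System.out.printf("input [%s]: Statement=%d rows, PreparedStatement=%d rows%n",
                        str1, countWithStatement(con, str1), countWithPrepared(con, str1));
            }
        }
    }
}
```

With the second input, the concatenated query matches every row in table1, while the bound parameter is compared as a literal string and matches none.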
 