Prepared Statement - createStatement diff

Krishna Mohan V
Greenhorn

Joined: Mar 16, 2004
Posts: 20
Hi,

Please answer my query.

Statement stmt = con.createStatement();
String query = "select * from table1 where col1="+str1;
stmt.executeQuery(query);

I read that when I issue an executeQuery() or executeUpdate() method, the stmt object sends the query to the DBMS. I want to know where this will be compiled.
I got this doubt when I was reading the following line on Sun's site.

"The main feature of a PreparedStatement object is that, unlike a Statement object, it is given an SQL statement when it is created. The advantage to this is that in most cases, this SQL statement will be sent to the DBMS right away, where it will be compiled. As a result, the PreparedStatement object contains not just an SQL statement, but an SQL statement that has been precompiled"

Can you tell me the exact difference between stmt and prepared statement objects?

Regards
Krishna
Adeel Ansari
Ranch Hand

Joined: Aug 15, 2004
Posts: 2874
This is the exact difference, buddy.

PreparedStatement is precompiled.
Statement is not.

Moreover,
SQL injection doesn't work with PreparedStatement.
It could work with Statement, until you yourself take care of it.
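The difference discussed in this thread, as an added example that is not code from any of the posters: the same lookup done with a concatenated Statement and with a PreparedStatement placeholder, run against a normal value and a value containing a quote. The class and method names, the sample rows, the quotes around str1 (col1 is assumed to be a varchar) and the H2 in-memory driver on the classpath are all assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class StatementVsPrepared {
    // Concatenation, as in the question: str1 becomes part of the SQL text the DBMS parses.
    static int countWithStatement(Connection con, String str1) throws SQLException {
        String query = "select * from table1 where col1='" + str1 + "'";
        try (Statement stmt = con.createStatement();
             ResultSet rs = stmt.executeQuery(query)) {
            return countRows(rs);
        }
    }

    // Placeholder: the SQL text is fixed at prepareStatement(); str1 is bound later as a value only.
    static int countWithPrepared(Connection con, String str1) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement("select * from table1 where col1 = ?")) {
            ps.setString(1, str1);
            try (ResultSet rs = ps.executeQuery()) {
                return countRows(rs);
            }
        }
    }

    static int countRows(ResultSet rs) throws SQLException {
        int n = 0;
        while (rs.next()) n++;
        return n;
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 in-memory database; any JDBC driver and URL behave the same way here.
        try (Connection con = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement ddl = con.createStatement()) {
                ddl.execute("create table table1 (col1 varchar(20))");
                ddl.execute("insert into table1 values ('alice'), ('bob')"); // constructed rows
            }
            String crafted = "x' or '1'='1"; // constructed input containing a quote
            // With Statement the quote ends the literal and the rest is parsed as a condition.
            System.out.println("Statement, crafted: " + countWithStatement(con, crafted));
            // With PreparedStatement the whole string is compared to col1 as one value.
            System.out.println("Prepared,  crafted: " + countWithPrepared(con, crafted));
            System.out.println("Prepared,  alice:   " + countWithPrepared(con, "alice"));
        }
    }
}
```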
 