use a Statement rather than PreparedStatement

PavanPL KalyanK
Ranch Hand

Joined: Feb 28, 2009
Posts: 212
Hi,

I was asked in an interview whether it will ever be feasible to use a Statement rather than a PreparedStatement.

But I disagreed that always PreparedStatement is good to use.

Am I right?
Campbell Ritchie
Sheriff

Joined: Oct 13, 2005
Posts: 38896
    
Did you get the job?

The correct answer is, "Yes, you can use a Statement, but it is usually better to use a PreparedStatement because . . . "

And I shall let you fill in the reasons why PreparedStatement is better.
Dawn Charangat
Ranch Hand

Joined: Apr 26, 2007
Posts: 249
Got the job???

Well, a prepared statement is a pre-compiled statement... which means the statement part is compiled and ready - only the data part will change.

e.g.: insert arg1, arg2 into table1

arg1 and arg2 are the changeable parts [for instance], and the overall structure of the statement is stable - so make it a PreparedStatement, so that it will have better performance than the simple statement.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

A trick question would be: under what condition(s) could (I say could rather than would) you prefer a plain Statement over a PreparedStatement?
PavanPL KalyanK
Ranch Hand

Joined: Feb 28, 2009
Posts: 212
Did you get the job?

They called me after the interview to the HR round and said I was kept on hold.
U Kvistborg
Greenhorn

Joined: Oct 14, 2002
Posts: 29
But why is it often better to use the prepared statement? I mean it gets compiled, but compiled by what? The database?
Should a prepared statement then perhaps always be in a static variable, because it is then precompiled and ready to get variables inserted and executed?
Should I use a statement rather than a prepared statement if the SQL differs, could be that the where clause is changed?

Often the only reason I like the prepared statement is because of the setter methods, especially when setting a date, and there are no problems with the ' and remembering these in the SQL string and stuff like that. But if you do not know what is in the where clause you need to keep track of this while building the statement, and then after creating it the insertion.
This is because then I do not need to use like = '%' which makes the database a bit slower. So it is better to remove this from the where clause.

If that were part of an ordinary statement I would probably more often need to use that compared to the prepared statement.

Should a prepared statement really be one that is usable like a static variable to the class?


SCJP 1.4/1.5, SCWCD 1.4, SCBCD 1.3
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336


Should I use a statement rather than a prepared statement if the sql differs, could be that the where clause is changed?

One reason to prefer PreparedStatements over Statements is to reduce the possibility of SQL injection attacks. Since parameters are bound, a malicious user cannot use normal escape characters to end SQL statements and inject their own SQL.

JavaRanch FAQ HowToAskQuestionsOnJavaRanch
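
An added example, not code from any poster in this thread, of the point about bound parameters; it also covers the earlier question about a where clause that varies: the SQL text is assembled only from fixed fragments containing `?`, and the values are bound afterwards. The `customer` table, the class and method names, the sample input and the H2 in-memory JDBC URL (driver assumed to be on the classpath) are assumptions for illustration.

```java
import java.sql.*;
import java.util.*;

public class DynamicWhereDemo {
    // Safe: the WHERE clause varies, but only fixed fragments with "?" are
    // appended; the values are collected and bound afterwards, in order.
    static List<String> findBound(Connection c, String name, String city) throws SQLException {
        StringBuilder sql = new StringBuilder("SELECT name FROM customer WHERE 1=1");
        List<Object> params = new ArrayList<>();
        if (name != null) { sql.append(" AND name = ?"); params.add(name); }
        if (city != null) { sql.append(" AND city = ?"); params.add(city); }
        try (PreparedStatement ps = c.prepareStatement(sql.toString())) {
            for (int i = 0; i < params.size(); i++) ps.setObject(i + 1, params.get(i));
            try (ResultSet rs = ps.executeQuery()) { return names(rs); }
        }
    }

    // Unsafe, for comparison: the value becomes part of the SQL text itself.
    static List<String> findConcatenated(Connection c, String name) throws SQLException {
        String sql = "SELECT name FROM customer WHERE name = '" + name + "'";
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return names(rs);
        }
    }

    static List<String> names(ResultSet rs) throws SQLException {
        List<String> out = new ArrayList<>();
        while (rs.next()) out.add(rs.getString(1));
        return out;
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 in-memory database, used only so the demo runs offline.
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = c.createStatement()) {
                st.execute("CREATE TABLE customer(name VARCHAR(50), city VARCHAR(50))");
                st.execute("INSERT INTO customer VALUES "
                         + "('Ann','Oslo'), ('Bob','Rome'), ('O''Brien','Perth')");
            }
            String hostile = "x' OR '1'='1"; // constructed sample input
            // The apostrophe is plain data here; no manual escaping is needed.
            System.out.println("bound, quoted name:   " + findBound(c, "O'Brien", null));
            // Bound as a literal name, so it can only match a row with that exact name.
            System.out.println("bound, hostile input: " + findBound(c, hostile, "Oslo"));
            // Concatenated, the same input is parsed as SQL and changes the WHERE clause.
            System.out.println("concatenated input:   " + findConcatenated(c, hostile));
        }
    }
}
```

Column and table names cannot be bound with `?`, so if those vary they should be chosen from a fixed list in code rather than taken from input.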
 