| Author |
PreparedStatement vs Statement ?
|
Viraj Nawa
Greenhorn
Joined: Jul 01, 2009
Posts: 2
|
|
Hi,
I just wanted to know what is the best option to use in a project ? Is it PreparedStatement or Statement ? Does PreparedStatement give additional security over Statement Class ( Accessing Database and Retrieving Data ) ? If it does, can anyone explain me how it happens ?
Thank you !
|
 |
Sagar Rohankar
Ranch Hand
Joined: Feb 19, 2008
Posts: 2896
|
|
Viraj Nawa wrote:Does PreparedStatement give additional security over Statement Class ( Accessing Database and Retrieving Data ) ?
Not exactly "more security", nut more feasibility, as all we know PreparedStatement is derived from Statement, so it naturally more good than simple Statement.
Here is what SUN tutorial said about PreparedStatement;
http://java.sun.com/docs/books/tutorial/jdbc/basics/prepared.html
|
[LEARNING bLOG] | [Freelance Web Designer] | [and "Rohan" is part of my surname]
|
|
Balu Sadhasivam
Ranch Hand
Joined: Jan 01, 2009
Posts: 874
|
|
Sagar Rohankar wrote:
Viraj Nawa wrote:Does PreparedStatement give additional security over Statement Class ( Accessing Database and Retrieving Data ) ?
Not exactly "more security", nut more feasibility, as all we know PreparedStatement is derived from Statement, so it naturally more good than simple Statement.
Whats wrong in considering it as "security issue" when Statements are bound to "SQL Injection".
|
|
Sagar Rohankar
Ranch Hand
Joined: Feb 19, 2008
Posts: 2896
|
|
|
Yes, right, PreparedStatement completely remove the 'SQL Injection' threat, I missed that.
|
|
 |
|
|
subject: PreparedStatement vs Statement ?
|
|
|
0
