PreparedStatement vs Statement ?

Viraj Nawa
Greenhorn

Joined: Jul 01, 2009
Posts: 2
Hi,
I just wanted to know what is the best option to use in a project? Is it PreparedStatement or Statement? Does PreparedStatement give additional security over the Statement class (accessing the database and retrieving data)? If it does, can anyone explain to me how it happens?
Thank you !
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

Viraj Nawa wrote: Does PreparedStatement give additional security over Statement Class ( Accessing Database and Retrieving Data ) ?

Not exactly "more security", but more feasibility; as we all know, PreparedStatement is derived from Statement, so it is naturally better than a simple Statement.

Here is what the Sun tutorial said about PreparedStatement:
http://java.sun.com/docs/books/tutorial/jdbc/basics/prepared.html


[LEARNING bLOG] | [Freelance Web Designer] | [and "Rohan" is part of my surname]
Balu Sadhasivam
Ranch Hand

Joined: Jan 01, 2009
Posts: 874

Sagar Rohankar wrote:
Viraj Nawa wrote: Does PreparedStatement give additional security over Statement Class ( Accessing Database and Retrieving Data ) ?

Not exactly "more security", but more feasibility; as we all know, PreparedStatement is derived from Statement, so it is naturally better than a simple Statement.

What's wrong in considering it as a "security issue" when Statements are bound to "SQL Injection"?
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

Yes, right, PreparedStatement completely removes the 'SQL Injection' threat, I missed that.
 
 