PreparedStatement vs Statement ?

Viraj Nawa
Greenhorn

Joined: Jul 01, 2009
Posts: 2
Hi,
I just wanted to know what is the best option to use in a project? Is it PreparedStatement or Statement? Does PreparedStatement give additional security over Statement Class (Accessing Database and Retrieving Data)? If it does, can anyone explain to me how it happens?
Thank you !
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    

Viraj Nawa wrote: Does PreparedStatement give additional security over Statement Class (Accessing Database and Retrieving Data)?

Not exactly "more security", but more feasibility; as we all know, PreparedStatement is derived from Statement, so it is naturally better than a simple Statement.

Here is what the Sun tutorial said about PreparedStatement:
http://java.sun.com/docs/books/tutorial/jdbc/basics/prepared.html


[LEARNING bLOG] | [Freelance Web Designer] | [and "Rohan" is part of my surname]
Balu Sadhasivam
Ranch Hand

Joined: Jan 01, 2009
Posts: 874

Sagar Rohankar wrote:
Viraj Nawa wrote: Does PreparedStatement give additional security over Statement Class (Accessing Database and Retrieving Data)?

Not exactly "more security", but more feasibility; as we all know, PreparedStatement is derived from Statement, so it is naturally better than a simple Statement.



What's wrong in considering it as a "security issue" when Statements are bound to "SQL Injection"?
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    

Yes, right, PreparedStatement completely removes the 'SQL Injection' threat, I missed that.
 
 