PreparedStatement vs Statement ?

Viraj Nawa
Greenhorn

Joined: Jul 01, 2009
Posts: 2
Hi,
I just wanted to know what the best option is to use in a project. Is it PreparedStatement or Statement? Does PreparedStatement give additional security over the Statement class (accessing the database and retrieving data)? If it does, can anyone explain to me how it happens?
Thank you !
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    

Viraj Nawa wrote:Does PreparedStatement give additional security over Statement Class ( Accessing Database and Retrieving Data ) ?

Not exactly "more security", but more feasibility; as we all know, PreparedStatement is derived from Statement, so it is naturally better than a simple Statement.

Here is what SUN tutorial said about PreparedStatement;
http://java.sun.com/docs/books/tutorial/jdbc/basics/prepared.html


[LEARNING bLOG] | [Freelance Web Designer] | [and "Rohan" is part of my surname]
Balu Sadhasivam
Ranch Hand

Joined: Jan 01, 2009
Posts: 874

Sagar Rohankar wrote:
Viraj Nawa wrote:Does PreparedStatement give additional security over Statement Class ( Accessing Database and Retrieving Data ) ?

Not exactly "more security", but more feasibility; as we all know, PreparedStatement is derived from Statement, so it is naturally better than a simple Statement.



What's wrong with considering it a "security issue" when Statements are bound to "SQL Injection"?
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    

Yes, right, PreparedStatement completely removes the 'SQL Injection' threat, I missed that.
 