Originally posted by seby mathew:
Of course 'PreparedStatement' is a solution for tackling the single chords,
but remember 'PreparedStatement' is not meant for this purpose.
In best practice it is better to use 'PreparedStatement' only when your query is executing frequently, or else better use 'Statement', but you have to tackle the single chords in your string.
Originally posted by seby mathew:
There's a popular belief that using a PreparedStatement object is faster than using a Statement object. After all, a prepared statement has to verify its metadata against the database only once, while a statement has to do it every time. The truth of the matter is that it takes about 65 iterations of a prepared statement before its total time for execution catches up with a statement.
- www.oreilly.com
Because PreparedStatement objects are precompiled, their execution can be faster than that of Statement objects. Consequently, an SQL statement that is executed many times is often created as a PreparedStatement object to increase efficiency.
- java.sun.com
'Protection against SQL-injection attacks' is of course an advantage but not the primary advantage.
This is not the right space to discuss the company policy.
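The three ways of handling a single quote that this thread discusses, side by side, as an added example that is not code from any of the posters. It assumes an in-memory H2 database with its JDBC driver on the classpath; the `person` table, the class name and the sample value are constructed for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class QuoteHandlingDemo { // hypothetical class name
    public static void main(String[] args) throws SQLException {
        // Assumption: H2 in-memory database; any JDBC URL with a loaded driver works.
        try (Connection con = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = con.createStatement()) {
                st.execute("CREATE TABLE person (name VARCHAR(50))");
                st.execute("INSERT INTO person VALUES ('O''Brien')");
            }
            String name = "O'Brien"; // constructed sample input containing a single quote

            // 1. Statement with plain concatenation: the quote inside the value
            //    ends the SQL literal early, so the database sees malformed SQL.
            try (Statement st = con.createStatement()) {
                st.executeQuery("SELECT name FROM person WHERE name = '" + name + "'");
                System.out.println("concatenated: ran");
            } catch (SQLException e) {
                System.out.println("concatenated: rejected, SQLState " + e.getSQLState());
            }

            // 2. Statement with hand-rolled escaping: doubling the quote is the
            //    standard SQL form, but it must be applied to every value on every
            //    code path, and some databases accept other escape characters too.
            String escaped = name.replace("'", "''");
            try (Statement st = con.createStatement();
                 ResultSet rs = st.executeQuery(
                     "SELECT COUNT(*) FROM person WHERE name = '" + escaped + "'")) {
                rs.next();
                System.out.println("escaped by hand: " + rs.getInt(1) + " row(s)");
            }

            // 3. PreparedStatement: the value is bound as data and never becomes
            //    part of the SQL text, so no escaping step exists to forget.
            try (PreparedStatement ps = con.prepareStatement(
                    "SELECT COUNT(*) FROM person WHERE name = ?")) {
                ps.setString(1, name);
                try (ResultSet rs = ps.executeQuery()) {
                    rs.next();
                    System.out.println("bound parameter: " + rs.getInt(1) + " row(s)");
                }
            }
        }
    }
}
```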